Analyzing threat actor Kimsuky email phishing campaign

Published 04/12/2024 20:43 · Modified 04/12/2024 21:50

Essential information

Tags
2024-12-04, credential-theft, impersonation, malwareless, north korea, phishing
Related entities
24 observables, 1 intrusion set (APT), 12 techniques (MITRE)

Description

The report provides an in-depth analysis of the email campaigns conducted by the Kimsuky threat actor group. It highlights the group's tactic of using diverse themes and subjects to pique the curiosity of recipients, targeting researchers and individuals related to North Korean affairs over several years in an attempt to hijack their accounts. The report reveals how the group changes its attack staging servers from Japan to Russia to evade detection, describes attack strategies that use finance-related lures, and underscores the need to use EDR products to take proactive security measures against known IP addresses.

External references