Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads
Essential information
- Published: 27/03/2025 21:47
- Modified: 27/03/2025 21:54
- Tags: 2025-03-27 64677cae14a2ec4d393a81548417b61b apt group black banshee c2 command chrome edge file firefox kimsuky naver whale rats zip file
- Related entities: 1 intrusion sets (apt), 11 techniques (mitre), 1 malware, 3 others
Description
Kimsuky, also known as “Black Banshee,” is a North Korean APT group that has been active since at least 2012 and is believed to be state-sponsored. Its cyber espionage targets countries such as South Korea, Japan, and the U.S. Its tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks, and data exfiltration.