Site Disguised as Google Drive by the North Korean Hacking Group Kimsuky - gplokio(.)site (2024.7.23)

2024-07-30 Sakai Google Drive-Impersonating Site Created by the North Korean Hacking Group Kimsuky (2024.7.23)

https://wezard4u.tistory.com/429242

The report describes a Kimsuky phishing site that impersonated Google Drive and used a fake Google/Gmail service interruption notice to push users toward reauthentication. The lure at gplokio[.]site redirected victims through another domain toward a spoofed Google login flow intended to capture user credentials. The campaign relied on familiar Google branding, error-message language, and login prompts to make the credential-harvesting page appear legitimate.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://www.gstatic.com/account… | 2024-07-30 | 2024-07-30 |
| URL | https://gkjoiup.store/ | 2024-07-30 | 2024-07-30 |
| URL | https://gplokio.site/drive/?ati… | 2024-07-30 | 2024-07-30 |
| DOMAIN | gkjoiup.store | 2024-07-30 | 2024-07-30 |
| DOMAIN | gplokio.site | 2024-07-30 | 2024-07-30 |
