Kimsuky Attack Disguised as a Foreign Media Interview Request Discovered

2024-06-03 Genians

https://www.genians.co.kr/blog/threat_intelligence/interview

Kimsuky impersonated a foreign news-agency researcher to approach North Korean human-rights activists with written interview requests about Korean Peninsula peace issues. The campaign used spear-phishing, malicious HWP documents, and MSC files disguised with DOC or PDF icons, then communicated with command-and-control infrastructure in Italy to enable internal information theft.

Indicators of Compromise

