Kimsuky APT Attack Using Facebook and MS Management Console Discovered

2024-05-10 Genians Kimsuky APT Attack Using Facebook and Microsoft Management Console Discovered

https://www.genians.co.kr/blog/threat_intelligence/facebook


Genians reported a Kimsuky APT campaign that used Facebook personas posing as officials connected to North Korean human-rights work to approach South Korean security and North Korea-focused targets. After Messenger conversations, the operators shared malicious URL links through OneDrive and delivered MSC-based tooling assessed as similar to ReconShark, showing social-media reconnaissance and cloud-hosted delivery in the intrusion chain.

Indicators of Compromise

