Status of AhnLab's Response to the 'Korea-German Joint Cybersecurity Recommendation'

2023-03-20 AhnLab Status of AhnLab's response to the 'Korea-German Joint Cybersecurity Recommendation'

https://asec.ahnlab.com/ko/49964/

AhnLab summarized its detections for IOCs published in the South Korea–Germany joint advisory on Kimsuky. The advisory said Kimsuky used Chromium browser extensions and Android app-developer support functions to steal account information, primarily targeting Korean Peninsula and North Korea specialists while warning that the techniques could scale beyond that audience. AhnLab mapped the released MD5 indicators to detections including Backdoor/JS.Agent for JavaScript extension components and Android-Trojan/Kimsuky or Android-Trojan/FastSpy for mobile samples. The source is an IOC-response note rather than a full intrusion narrative, so the operational value is the vendor detection mapping for the joint advisory artifacts.

Indicators of Compromise

