2023 Aug - Threat Trend Report on Kimsuky Group
2023-10-23 • AhnLab
AhnLab's August 2023 Kimsuky trend report says BabyShark activity rose sharply while FlowerPower, RandomQuery, and AppleSeed activity remained low. The source notes phishing samples in infrastructure previously associated with FlowerPower, RandomQuery, and AppleSeed, plus BabyShark samples found in RandomQuery infrastructure, suggesting that multiple Kimsuky malware types may share delivery infrastructure. It also identifies BabyShark as an HTA-based infostealer, AppleSeed as a backdoor, FlowerPower as PowerShell-based malware, and RandomQuery as a script-based infostealer that downloads additional code.