Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
2023-06-06 • Sentinel One
SentinelLabs has been tracking a social engineering campaign by the North Korean APT group Kimsuky targeting experts in North Korean affairs, part of a broader campaign discussed in a recent NSA advisory. Kimsuky, a suspected North Korean advanced persistent threat (APT) group whose activities align with the interests of the North Korean government, is known for its global targeting of organizations and individuals. Based on the malware, infrastructure, and tactics used, we assess with high confidence that the campaign has been orchestrated by the Kimsuky threat actor. This Kimsuky activity indicates the group’s growing efforts to establish early communication and foster trust with their targets prior to initiating malicious operations, including the delivery of malware.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 162.0.209.27 | 2023-06-06 | 2024-06-03 |
| HASH | 4150b40c00d8ab2e960aa059159149a… | 2023-06-06 | 2023-06-06 |
| HASH | 7514fd9e5667fc5085373704fe2ea95… | 2023-06-06 | 2023-06-06 |
| HASH | a1597d197e9b084a043ada5c7dac1f9… | 2023-06-06 | 2023-06-06 |
| HASH | 41e39162ae3a6370b1100be2b35bb09… | 2023-06-06 | 2023-06-06 |
| DOMAIN | drive-google.shanumedia.com | 2023-06-06 | 2023-06-06 |