North Korean APT Kimsuky aka Black Banshee – Active IOCs
2024-12-31 • Rewterz •
https://www.rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-37856
Kimsuky, also known as Black Banshee, is described as a North Korean APT active since at least 2012 and focused on espionage against targets in South Korea, Japan, the United States, and other countries. The advisory summarizes common Kimsuky tradecraft including phishing, malware deployment, supply chain compromise, lateral movement, and data exfiltration. It notes prior mobile operations using FastFire, FastViewer, and FastSpy Android malware with Firebase C2, plus ReconShark reconnaissance malware tied to BabyShark. The active IOC section lists domains including nts-service.o-r.kr and memconfirms.online for defensive blocking and hunting.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | o-r.kr | 2023-05-24 | 2026-06-01 |
| DOMAIN | r-e.kr | 2023-03-23 | 2026-06-01 |
| DOMAIN | n-e.kr | 2022-08-26 | 2026-06-01 |
| DOMAIN | nts-service.o-r.kr | 2024-12-31 | 2024-12-31 |
| IPv4 | 72.14.155.62 | 2024-12-05 | 2024-12-31 |
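The table above is meant for blocking and hunting, but not every row carries the same weight: o-r.kr, r-e.kr and n-e.kr are apex names, while nts-service.o-r.kr is a specific host. The following Python script is an added example written for this page, not code from the Rewterz advisory; it runs the table's indicators over constructed DNS and firewall log lines, matches a query if it equals a listed domain or is a subdomain of one, and labels hits on the three apex names as low confidence on the assumption (not stated on the page) that they are free subdomain providers shared by many registrants and therefore better hunted than blocked outright. The log format, the internal hosts and the "high"/"low" labels are all assumptions of the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators copied from the advisory table on this page.
IOC_DOMAINS = {"o-r.kr", "r-e.kr", "n-e.kr", "nts-service.o-r.kr"}
IOC_IPS = {"72.14.155.62"}

# Assumption: these apex names are shared free-subdomain providers, so a hit on
# the apex alone (or on an unlisted subdomain of it) is a hunting lead, not a
# safe block. A hit on a specifically listed FQDN or IP is treated as high.
SHARED_APEX = {"o-r.kr", "r-e.kr", "n-e.kr"}

# Crude tokenizer: pulls hostname- and IP-shaped tokens out of any log line.
TOKEN_RE = re.compile(r"[A-Za-z0-9._-]+")


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str   # the IOC from the table that matched
    observed: str    # the token seen in the log
    confidence: str  # "high" = listed FQDN or IP, "low" = shared apex only


def match_domain(qname: str) -> Optional[Tuple[str, str]]:
    """Return (matched IOC, confidence) for the most specific IOC that qname
    equals or is a subdomain of, or None. Case and trailing dot are ignored."""
    name = qname.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(labels) < 2:
        return None
    # Walk from the full name toward the apex: a.b.o-r.kr -> b.o-r.kr -> o-r.kr.
    # Prefix look-alikes such as o-r.kr.evil.example never reach a listed name.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate, ("low" if candidate in SHARED_APEX else "high")
    return None


def match_ip(token: str) -> Optional[str]:
    """Return the IOC IP if token is a listed address, else None."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None
    return str(addr) if str(addr) in IOC_IPS else None


def scan_lines(lines: List[str]) -> List[Hit]:
    """Match every hostname/IP-shaped token in each line against the IOC set."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for tok in TOKEN_RE.findall(line):
            ip = match_ip(tok)
            if ip:
                hits.append(Hit(n, ip, tok, "high"))
                continue
            # Only try domain matching on tokens that look like hostnames.
            if "." in tok and any(c.isalpha() for c in tok):
                m = match_domain(tok)
                if m:
                    hits.append(Hit(n, m[0], tok.lower(), m[1]))
    return hits


def block_candidates(hits: List[Hit]) -> List[str]:
    """Indicators that are safe to push to a blocklist: high-confidence only."""
    return sorted({h.indicator for h in hits if h.confidence == "high"})


# Constructed sample log lines (format and hosts are made up for this example).
SAMPLE_LOG = [
    "2024-12-31T10:15:02Z dns 10.0.0.5 query A nts-service.o-r.kr",
    "2024-12-31T10:15:03Z fw 10.0.0.5 -> 72.14.155.62:443 TCP allow",
    "2024-12-31T10:16:40Z dns 10.0.0.9 query A update.r-e.kr",
    "2024-12-31T10:17:11Z dns 10.0.0.9 query A www.example.com",
    "2024-12-31T10:18:00Z dns 10.0.0.12 query A o-r.kr.evil.example",
]


if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.observed} -> {h.indicator} [{h.confidence}]")
    print("block:", block_candidates(found))
```

Lines 1 and 2 produce high-confidence hits (the listed FQDN and the listed IP); line 3 is a low-confidence hit because update.r-e.kr is only a subdomain of a shared apex; lines 4 and 5 match nothing, the last one showing that a domain merely starting with o-r.kr is not treated as a subdomain of it. Swap `SAMPLE_LOG` for real resolver or firewall output and extend `IOC_DOMAINS` as further advisories are published.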