North Korean APT Kimsuky aka Black Banshee – Active IOCs

2024-11-08 Rewterz

https://www.rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-37159


Rewterz describes Kimsuky, also called Black Banshee, as a North Korean APT active since at least 2012 and focused on espionage against organizations and individuals in South Korea, Japan, the United States, and other countries. The source lists phishing, malware infections, supply chain compromise, lateral movement, and data exfiltration as recurring Kimsuky tradecraft. It also references the group's Android malware activity using FastFire, FastViewer, and FastSpy, and its ReconShark reconnaissance malware derived from BabyShark. The active indicators include treffic.medianewsonline[.]com, partybbq.co[.]kr upload infrastructure, and multiple hash values tied to the advisory.

Indicators of Compromise

Type    Value                               First Seen   Last Seen
HASH    e13ad0ebaac36ec363eba5760e69cb9…    2024-11-08   2024-11-13
HASH    b7de564386ab778046b1dd3ef76e4b5e    2024-11-08   2024-11-13
HASH    baa69876baa6861db5736c58d2eded9…    2024-11-08   2024-11-13
URL     http://partybbq.co.kr/src/bbs/c…    2023-08-28   2024-11-13
DOMAIN  partybbq.co.kr                      2023-05-24   2024-11-13
HASH    fdb058193917718fae6703e3090b8536    2024-11-08   2024-11-08
HASH    6d84e311cf0d5ed3c6ab05d50d61d3e…    2024-11-08   2024-11-08
HASH    be9b79d09ba059caf88d6512f51be52…    2024-11-08   2024-11-08
DOMAIN  treffic.medianewsonline.com         2024-11-08   2024-11-08
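The indicator table above is only useful once it is matched against telemetry. The following Python is an added example, not code from Rewterz or from the advisory, showing one way to turn the rows into a small matcher and run it over DNS, proxy and EDR events. The IOC values are copied from the table; several hashes are truncated on the page (trailing "…"), so the matcher treats those as prefixes and reports a prefix hit at lower confidence than an exact hit, to be confirmed against the full hash from the original advisory. The log lines, host names and the 32-character hash that extends a truncated prefix are constructed sample data, not real observations.

```python
"""Match constructed log events against the Rewterz Kimsuky advisory IOCs.

Added example, not part of the advisory. Indicator rows are copied from the
advisory table; hashes ending in "…" are truncated on the page and are
matched as prefixes only. Log lines are constructed sample data.
"""
import re
from dataclasses import dataclass

# (type, value) rows as they appear in the advisory table.
ADVISORY_IOCS = [
    ("HASH", "e13ad0ebaac36ec363eba5760e69cb9…"),
    ("HASH", "b7de564386ab778046b1dd3ef76e4b5e"),
    ("HASH", "baa69876baa6861db5736c58d2eded9…"),
    ("URL", "http://partybbq.co.kr/src/bbs/c…"),
    ("DOMAIN", "partybbq.co.kr"),
    ("HASH", "fdb058193917718fae6703e3090b8536"),
    ("HASH", "6d84e311cf0d5ed3c6ab05d50d61d3e…"),
    ("HASH", "be9b79d09ba059caf88d6512f51be52…"),
    ("DOMAIN", "treffic.medianewsonline.com"),
]

# Constructed sample events (not from the advisory). The md5 on the fourth
# line is the page's truncated prefix plus a made-up final character, so it
# exercises the prefix path; the fifth line should produce no hit.
SAMPLE_LOGS = [
    "2024-11-09T08:12:03Z dns src=10.0.0.5 qname=treffic.medianewsonline.com type=A",
    "2024-11-09T08:12:07Z proxy src=10.0.0.5 url=http://partybbq.co.kr/index.html status=200",
    "2024-11-09T08:13:10Z edr host=ws01 file=downloads/doc.scr md5=b7de564386ab778046b1dd3ef76e4b5e",
    "2024-11-09T08:13:12Z edr host=ws01 file=downloads/setup.exe md5=e13ad0ebaac36ec363eba5760e69cb9f",
    "2024-11-09T08:14:00Z dns src=10.0.0.6 qname=www.example.com type=A",
    "2024-11-09T08:15:21Z dns src=10.0.0.7 qname=mail.partybbq.co.kr type=A",
]


@dataclass(frozen=True)
class Match:
    ioc_type: str
    indicator: str   # the advisory value as printed, ellipsis included
    confidence: str  # "exact", "subdomain" or "prefix"
    line: str


def refang(value: str) -> str:
    """Convert a defanged indicator (example[.]com, hxxp://) to its plain form."""
    return (value.replace("[.]", ".")
                 .replace("hxxps://", "https://")
                 .replace("hxxp://", "http://"))


def build_index(iocs):
    """Split rows into exact values, truncated prefixes and parent domains."""
    exact, prefixes, domains = {}, [], []
    for ioc_type, value in iocs:
        v = refang(value).lower()
        if v.endswith("…"):              # truncated on the page: prefix only
            prefixes.append((ioc_type, value, v[:-1]))
        else:
            exact[v] = (ioc_type, value)
            if ioc_type == "DOMAIN":
                domains.append((v, value))
    return exact, prefixes, domains


HEX32 = re.compile(r"\b[0-9a-f]{32}\b")                  # MD5-length hashes
HOST = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b")  # dotted host names
URL = re.compile(r"https?://[^\s\"']+")


def match_line(line, exact, prefixes, domains):
    """Return every IOC hit found in one log line."""
    lower = line.lower()
    candidates = set(HEX32.findall(lower)) | set(HOST.findall(lower)) | set(URL.findall(lower))
    hits = []
    for cand in sorted(candidates):
        if cand in exact:
            t, ind = exact[cand]
            hits.append(Match(t, ind, "exact", line))
            continue
        for dom, ind in domains:          # host under an advisory domain
            if cand.endswith("." + dom):
                hits.append(Match("DOMAIN", ind, "subdomain", line))
        for t, ind, pfx in prefixes:      # truncated hash or URL from the page
            if cand.startswith(pfx):
                hits.append(Match(t, ind, "prefix", line))
    return hits


def scan_logs(lines, iocs=ADVISORY_IOCS):
    exact, prefixes, domains = build_index(iocs)
    return [m for line in lines for m in match_line(line, exact, prefixes, domains)]


if __name__ == "__main__":
    for m in scan_logs(SAMPLE_LOGS):
        print(f"[{m.confidence:9}] {m.ioc_type:6} {m.indicator} <- {m.line}")
```

A prefix hit on a 31-character hash fragment is not proof of the same file, only a reason to pull the full hash from the advisory and compare it; the confidence field exists so the two cases are triaged differently.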
