SharpTongue: pwning your foreign policy, one interview request at a time

2023-10-05 • Volexity •

https://www.virusbulletin.com/conference/vb2023/abstracts/sharptongue-pwning-your-foreign-policy-one-interview-request-time/

#SharpTongue #T1574

Attachments

SharpTongue-pwning-your-foreign-policy-one-interview-request-at-a-time.pdf (2 MB)

Thumbnail for SharpTongue: pwning your foreign policy, one interview request at a time

Volexity's Virus Bulletin paper profiles SharpTongue, a North Korean threat actor often grouped under Kimsuky, through years of observed spear phishing, malware, C2 infrastructure, and incident response cases. SharpTongue targets people with access to North Korea policy information, including journalists, US and South Korean government personnel, professors, and think tanks working on sanctions, nuclear issues, or foreign policy. The group often starts with interview or collaboration emails, spoofs trusted contacts, and uses stolen correspondence to build credibility before sending credential-phishing links or malware. The paper also covers the group's efforts to shield C2 servers from researcher scrutiny and its malware arsenal after compromise.

Indicators of Compromise

Type	Value	First Seen	Last Seen
HASH	4d63c840d5f4022666878b5d6ccd0da…	2023-10-05	2023-10-05
URL	https://httpd.apache.org/docs/2…	2023-10-05	2023-10-05
URL	https://www.kinu.or.kr/eng/boar…	2023-10-05	2023-10-05
URL	https://slimpdf.en.softonic.com/	2023-10-05	2023-10-05
DOMAIN	slimpdf.en.softonic.com	2023-10-05	2023-10-05

Related Actors

Sharp Tongue

Volexity

Kimsuky

First seen: Jul 2022

Last seen: Oct 2023

Related Reports

2022-07-28 • 50% Match

SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”

Volexity

#SHARPEXT #SharpTongue

Shares tag: SharpTongue • Same author: Volexity

2023-04-20 • 25% Match

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Mandiant

#YARA #SupplyChain #3CXDesktopApp #SmoothOperator #UNC4736 #X_Trader #UNC4469 #UNC3782 #T1082 #T1140 #T1070.004 #T1071.001 #T1195.002 #T1112 #T1083 #T1497 #T1036 #T1027 #T1071 #T1195 #T1497.001 #T1105 #T1055 #T1620 #T1574.002 #T1622 #T1190 #T1588 #T1574 #T1573.002 #T1614 #T1573 #T1608 #T1070 #T1614.001 #T1071.004 #T1012 #T1588.004 #T1565.001 #T1036.001 #T1070.001 #T1608.003 #T1565

Shares tag: T1574

2026-02-26 • 20% Match

APT37 Adds New Tools For Air-Gapped Networks

Zscaler

#APT37 #LNK #T1125 #T1082 #T1567.002 #T1113 #T1083 #T1056.001 #T1204.001 #T1027 #T1057 #T1053.005 #T1059.001 #T1036.005 #T1055 #T1620 #T1123 #T1052.001 #T1132.002 #T1574 #T1564.001 #T1092

Shares tag: T1574

2025-12-31 • 20% Match

The Lazarus Group Threat Profile: An Expert Analysis

Provendata

#Lazarus #T1204 #T1566 #T1059 #T1189 #T1574 #T1134.002 #T1547 #T1027.007 #T1068 #T1021.001 #T1574.001

Shares tag: T1574

2025-08-25 • 20% Match

AppleJeus

MITRE

#AppleJeus #G1049 #T1027 #T1071 #T1566 #T1102 #T1195 #T1055 #T1620 #T1543 #T1078 #T1218 #T1203 #T1189 #T1574 #T1657 #T1217 #T1573 #T1546 #T1553 #T1559 #T1678

Shares tag: T1574

2024-11-06 • 20% Match

揭秘APT37：朝鲜黑客组织的攻击手法及工具

David_Jou

#APT37 #CVE-2024-38178 #VeilShell #T1082 #T1140 #T1041 #T1555 #T1560 #T1112 #T1027 #T1071 #T1204 #T1057 #T1053 #T1566 #T1059 #T1003 #T1055 #T1574 #T1547 #T1070 #T1033 #T1132 #T1030 #T1069

Shares tag: T1574

« Back