Kimsuky
Attribution confidence: High. Threat level: High.
Aliases: Velvet Chollima, Thallium, Black Banshee, Emerald Sleet, TA406, APT43
Kimsuky is a North Korean state-sponsored advanced persistent threat (APT) group that has been active since at least 2012. The group is also known as Thallium, Velvet Chollima, and APT43. Kimsuky is primarily engaged in cyber espionage, with a focus on gathering intelligence on foreign policy, national security, and other matters of strategic interest to the North Korean government. The group's primary targets are located in South Korea, Japan, and the United States, and include government agencies, think tanks, research institutions, and individuals with expertise in areas relevant to North Korea's interests. Kimsuky is known for its use of social engineering and spearphishing to gain initial access to target networks. The group often tailors its phishing campaigns to the specific interests of its targets, using lures related to topics such as the North Korean nuclear program, international relations, and public policy. Once inside a network, Kimsuky employs a variety of custom malware and tools to exfiltrate data and maintain persistence. The group has demonstrated a consistent ability to evolve its tactics and techniques to evade detection and maintain its operational effectiveness. Over the years, Kimsuky has been responsible for a number of high-profile cyber espionage campaigns, including attacks against the Korea Hydro & Nuclear Power Co., Ltd. in 2014, and Operatio...
Attributed to RGB (Reconnaissance General Bureau) (North Korea). Attribution confidence: High.
Future Outlook
Kimsuky is expected to continue operations targeting Government sectors.