Kimsuky

Kimsuky is a cyber espionage group operating from North Korea that has been active since at least 2012 and is known to target organizations across South Korea, the US, and Japan. In addition, Kimsuky may be linked with North Korean government intelligence-gathering activities through Reconnaissance General Bureau (RGB).

Kimsuky uses spear-phishing as its primary method of attack, sending targeted emails containing malicious attachments or links to infect victims’ computers with malware. They have also employed watering hole attacks – targeting websites frequented by targets to infiltrate them with malware – to infect them further.

Kimsuky is best known for its espionage campaigns in South Korea against government agencies, defense contractors, research organizations, and think tanks. Additionally, the group has targeted organizations across North Korea’s border, including universities, think tanks, and financial institutions in Japan and America. Kimsuky seeks to acquire sensitive data that could help advance North Korean military and economic goals.

Kimsuky was linked to an attack against the Korean National Defense University that resulted in the theft of confidential military documents in 2016. Furthermore, in 2018 this group conducted a spear-phishing campaign that specifically targeted researchers working on North Korean issues within the US.

Kimsuky uses sophisticated spear-phishing campaigns and has strong ties to the North Korean government, making them a persistent and credible threat to organizations worldwide.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels across many industries and from around the world.