Security news aggregator

Latest coverage for Kimsuky

Reports linked to Kimsuky cover intrusion analysis, infrastructure, disruption efforts, and defensive guidance for affected organizations.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Kimsuky is a name used by security researchers for an intrusion set associated with multiple espionage campaigns. Public reporting has linked activity under this name to spearphishing, malicious documents or links, credential-harvesting pages, and malware delivery. Some governments and researchers have assessed parts of this activity as connected to North Korea, but actor attribution can be uncertain and the label may cover operations that differ over time.

The main security concern is compromise of email and cloud identities: stolen passwords, session tokens, or authentication data can provide access to sensitive conversations and additional accounts. Defenders should prioritize phishing-resistant multifactor authentication, rapid patching of exposed internet-facing systems, and monitoring for unusual sign-ins, new mail-forwarding rules, persistence, and suspicious browser or endpoint activity. If exposure is suspected, preserve phishing messages and authentication logs, revoke active sessions, reset credentials, and review connected applications before closing the investigation.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 25 Filtered view

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express)

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC)

Loading more headlines...