Kimsuky

Kimsuky (also known as Velvet Chollima, Black Banshee, THALLIUM, or Emerald Sleet^[1]) is a North Korean state-backed hacker group and advanced persistent threat that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent years Kimsuky has expanded their operations to target states such as Russia, the United States, and European nations.^[2]

History

According to the U.S. Cybersecurity and Infrastructure Security Agency Kimsuky has likely been active since 2012.^[3]

In March 2015 it was reported that South Korea claimed Kimsuky stole data from Korea Hydro & Nuclear Power.^[4]

In August 2019 it was reported that Kimsuky was targeting retired South Korean diplomats, government, and military officials, in an attack called "the first of its kind."^[5]

In September 2020 it was reported that Kimsuky attempted to hack 11 officials of the United Nations Security Council.^[4]

A lawmaker from the People Power Party reported that, in May 2021, Kimsuky was detected within the internal networks of the Korea Atomic Energy Research Institute.^[6]

See also

• Lazarus Group
• Ricochet Chollima

References

1. "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
2. Nocturnus, Cybereason. "Back to the Future: Inside the Kimsuky KGH Spyware Suite". www.cybereason.com. Retrieved 2021-03-15.
3. "North Korean Advanced Persistent Threat Focus: Kimsuky | CISA". us-cert.cisa.gov. Retrieved 2021-03-15.
4. Cimpanu, Catalin. "North Korea has tried to hack 11 officials of the UN Security Council". ZDNet. Retrieved 2021-03-15.
5. Cimpanu, Catalin. "North Korean state hackers target retired diplomats and military officials". ZDNet. Retrieved 2021-03-15.
6. Onchi, Yosuke (June 18, 2021). "North Korean hack targets South's nuclear power research". Nikkei Asian Review. Archived from the original on June 18, 2021.