Kimsuky (also known as Velvet Chollima and Black Banshee) is a North Korean state backed hacker group that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent years Kimsuky has expanded their operations to include states such as Russia, the United States, and European nations.[1]


According to the U.S. Cybersecurity and Infrastructure Security Agency Kimsuky has been most likely operating since at least 2012.[2]

In March 2015 it was reported that South Korea claimed Kimsuky stole data from Korea Hydro & Nuclear Power.[3]

In August 2019 it was reported that Kimsuky was targeting retired South Korean diplomats, government, and military officials, in an attack called "the first of its kind."[4]

In September 2020 it was reported that Kimsuky attempted to hack 11 officials of the United Nations Security Council.[3]

A lawmaker from the People Power Party reported that, in May 2021, Kimsuky was detected within the internal networks of the Korea Atomic Energy Research Institute.[5]

See alsoEdit


  1. ^ Nocturnus, Cybereason. "Back to the Future: Inside the Kimsuky KGH Spyware Suite". Retrieved 2021-03-15.
  2. ^ "North Korean Advanced Persistent Threat Focus: Kimsuky | CISA". Retrieved 2021-03-15.
  3. ^ a b Cimpanu, Catalin. "North Korea has tried to hack 11 officials of the UN Security Council". ZDNet. Retrieved 2021-03-15.
  4. ^ Cimpanu, Catalin. "North Korean state hackers target retired diplomats and military officials". ZDNet. Retrieved 2021-03-15.
  5. ^ Onchi, Yosuke (June 18, 2021). "North Korean hack targets South's nuclear power research". Nikkei Asian Review. Archived from the original on June 18, 2021.