AppleSeed, Meterpreter and TinyNuke: what else is hidden in the arsenal of North Korean Kimsuky

Brother

The group relies on targeted phishing to serve the DPRK's interests in the international arena.

South Korean cybersecurity researchers at ASEC (AhnLab Security Emergency response Center) have documented new activity by Kimsuky, a threat group linked to North Korea. The group uses targeted (spear) phishing to deliver a range of malware, including AppleSeed, Meterpreter, and TinyNuke, in order to take control of infected systems.

Kimsuky, active for more than a decade, initially targeted South Korea but since 2017 has expanded its operations to other regions. The group has been sanctioned by the United States for gathering intelligence on behalf of the DPRK government.

Kimsuky's primary initial-access method is phishing email carrying malicious documents that lead to the installation of various types of malware. One of the group's key tools is AppleSeed, a DLL-based backdoor in use since May 2019. More recently it has been joined by an Android variant and by a new version written in Go, called AlphaSeed.

AppleSeed is built to receive commands from an attacker-controlled server, download additional malware, and exfiltrate sensitive data. AlphaSeed, the Go port, talks to its command-and-control server by driving a Chrome browser through the "chromedp" library, whereas AppleSeed communicates over plain HTTP or SMTP. For defenders this matters: AlphaSeed's C2 traffic looks like ordinary browser activity rather than a custom client, so network signatures written for AppleSeed's HTTP/SMTP beacons will not catch it.

There is evidence that Kimsuky has used AlphaSeed in real attacks since October 2022; in some cases both AppleSeed and AlphaSeed were delivered to the same system.

To control systems already infected, the attackers also frequently deploy Meterpreter and VNC tooling, including TightVNC and TinyNuke (a banking trojan whose hidden-VNC module gives the operator a remote desktop session that is invisible to the logged-in user).

Separately, Nisos recently exposed North Korean IT workers who fraudulently obtained remote jobs at American companies using fake LinkedIn and GitHub profiles.

North Korean hackers have carried out a series of sophisticated attacks in recent years, combining new tactics with software supply-chain compromises to target blockchain and cryptocurrency companies. The goal has not changed over the years: the priority remains the theft of intellectual property and virtual assets.

The aggressive nature of the attacks by Kimsuky and other North Korean groups only highlights the closed state's eagerness to circumvent international sanctions and illegally benefit from cybercrime schemes.