Black Banshee

Threat Actor updated 5 days ago (2024-11-29T14:14:30.759Z)

Download STIX

Preview STIX

Black Banshee, also known as Kimsuky, APT43, Emerald Sleet, Velvet Chollima, and TA406, is a threat actor group believed to be operating under the North Korean Reconnaissance General Bureau (RGB), the country's primary intelligence service. The group has been active since at least 2012, according to U.S. government estimates. Tracked by both the U.S. and South Korea governments, along with private-sector cybersecurity companies, Black Banshee is involved in large-scale social engineering campaigns, often using spoofed emails appearing to be from universities, think tanks, and journalists. The group has gained notoriety for its advanced persistent threat (APT) activities, which includes the use of unique tools and techniques. One such tool, dubbed "ReconShark," is characterized by unique execution instructions and server communication methods, further demonstrating the group's sophisticated cyber capabilities. This tool is used for reconnaissance, gathering valuable information that can be used in subsequent attacks. The Department of Treasury has officially designated Black Banshee as subordinate to the RGB, marking it as a significant threat to global cybersecurity. Their activities are part of a broader pattern of malicious cyber activity associated with North Korean operations. With their continued operation and evolving tactics, Black Banshee represents a persistent threat to institutions worldwide, necessitating ongoing vigilance and robust cybersecurity measures.

Description last updated: 2024-05-16T19:16:11.890Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Kimsuky is a possible alias for Black Banshee. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Black Banshee Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	7 months ago	Breach Roundup: Kimsuky Serves Linux Trojan
BankInfoSecurity	7 months ago	Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence
CERT-EU	a year ago	US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group
CERT-EU	a year ago	U.S. government sanctions prolific North Korean cyber espionage unit
CERT-EU	2 years ago	Cyber security week in review: May 5, 2023
CERT-EU	a year ago	North Korea’s social engineering threat not going away