Alias Description | Votes |
---|---|
Thallium is a possible alias for Kimsuky. Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi | 7 |
Velvet Chollima is a possible alias for Kimsuky. Velvet Chollima, also known as Kimsuky, APT43, Thallium, Black Banshee, and Emerald Sleet among other names, is a threat actor believed to be based in North Korea. The group has been active since 2012 and is linked to North Korea’s General Reconnaissance Bureau, the country's main military intellige | 6 |
APT43 is a possible alias for Kimsuky. APT43, also known as Kimsuky, is a North Korean Advanced Persistent Threat (APT) group that has been active since at least 2013. The group is known for its intelligence collection activities and using cybercrime to fund espionage. It has been linked to several aliases including Springtail, ARCHIPELA | 6 |
APT37 is a possible alias for Kimsuky. APT37, also known as RedEyes, TA-RedAnt, Reaper, ScarCruft, and Group123, is a threat actor suspected to be linked with North Korea. This group has been active since at least 2012 and targets various industry verticals primarily in South Korea, but also in Japan, Vietnam, and the Middle East. These | 4 |
Lazarus Group is a possible alias for Kimsuky. The Lazarus Group, a notorious threat actor linked to North Korea, is among the most prolific and dangerous cyber threat actors in operation. They have been involved in numerous cyber-attacks worldwide, with significant efforts put into their social engineering strategies. Their activities include e | 3 |
KONNI is a possible alias for Kimsuky. Konni is malicious software (malware) linked to North Korea, specifically associated with the state-sponsored Kimsuky group. This advanced persistent threat (APT) has been active since at least 2021, focusing on high-profile targets such as the Russian Ministry of Foreign Affairs, the Russian Emba | 3 |
Emerald Sleet is a possible alias for Kimsuky. Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and machine learning models (LLMs), leveraging them to enhance spear-phishing campaigns, research public | 2 |
STOLEN PENCIL is a possible alias for Kimsuky. The STOLEN PENCIL operation, first reported in May 2018, was a cyber espionage campaign potentially originating from the Democratic People's Republic of Korea (DPRK). The threat actor, known as Kimsuky, targeted academic institutions using spear-phishing tactics for initial intrusion. This involved | 2 |
Reconnaissance General Bureau RGB is a possible alias for Kimsuky. The Reconnaissance General Bureau (RGB) of the Korean People's Army is a significant threat actor in global cybersecurity, housing various hacking groups under its control. These groups include well-known entities such as "Lazarus Group," "Bluenoroff," and "Andariel," identified by Executive Order 1 | 2 |
Reconnaissance General Bureau is a possible alias for Kimsuky. The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency known for its clandestine operations abroad. Its cyber activities, believed to be coordinated by the secretive organization, have been linked to various threat actors since at least 2014. Notable entities include the Beagl | 2 |
Sparkling Pisces is a possible alias for Kimsuky. Sparkling Pisces, also known as Kimsuky, APT43, Emerald Sleet, and THALLIUM, is a North Korean Advanced Persistent Threat (APT) group notorious for its intelligence collection efforts and use of cybercrime to fund espionage. Discovered by Unit 42 researchers, this group has been linked to multiple m | 2 |
Black Banshee is a possible alias for Kimsuky. Black Banshee, also known as Kimsuky, APT43, Emerald Sleet, Velvet Chollima, and TA406, is a threat actor group believed to be operating under the North Korean Reconnaissance General Bureau (RGB), the country's primary intelligence service. The group has been active since at least 2012, according to | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The BabyShark Malware is associated with Kimsuky. BabyShark is malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p | Unspecified | 5 |
The ReconShark Malware is associated with Kimsuky. ReconShark is a new malware variant deployed by the North Korea-linked Advanced Persistent Threat (APT) group, Kimsuky. This tool has been observed in an ongoing campaign, used as an infostealer-downloader and is a new iteration of the group's custom BabyShark malware family. The ReconShark tool is | Unspecified | 5 |
The LockBit Malware is associated with Kimsuky. LockBit is a type of malware, specifically a ransomware, that infiltrates systems to exploit and damage them. It's known for its disruptive activities such as stealing personal information or holding data hostage for ransom. The LockBit ransomware gang has claimed responsibility for several high-pro | Unspecified | 2 |
The Black Basta Malware is associated with Kimsuky. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 2 |
The ToddleShark Malware is associated with Kimsuky. ToddleShark is a new variant of malware, believed to be an evolution of Kimsuky's BabyShark and ReconShark backdoors. It has been identified by Kroll's analysts as being used by the North Korean APT hacking group Kimsuky to target government organizations, research centers, universities, and think t | Unspecified | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Andariel Threat Actor is associated with Kimsuky. Andariel, also known as Jumpy Pisces and PLUTONIUM, is a notorious threat actor associated with the North Korean government. Historically involved in cyberespionage, financial crime, and ransomware attacks, this group has been active since at least 2014 when it made headlines with an attack on Sony | Unspecified | 5 |
The RGB Threat Actor is associated with Kimsuky. RGB is a threat actor group, part of North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency under the General Staff Bureau of the Korean People's Army. Over the years, the RGB has revealed at least six threat groups, including Andariel, also known as Onyx Sleet, formerly P | Unspecified | 2 |
The ScarCruft Threat Actor is associated with Kimsuky. ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int | Unspecified | 2 |