Sharptongue

Threat Actor Profile Updated 2 months ago
SharpTongue, a cybersecurity threat actor also known as Kimsuky, has been identified as the entity behind a series of sophisticated cyber espionage campaigns. These campaigns have been characterized by their unique approach of using Chromium-based browser extensions for malicious purposes. The group's activities were first highlighted in the VB2023 paper titled "SharpTongue: pwning your foreign policy, one interview request at a time," which shed light on their modus operandi and their potential impact on international relations.

In their campaigns, SharpTongue has demonstrated an ability to manipulate foreign policy by leveraging seemingly innocuous requests for interviews. Their tactics involve infiltrating systems through spear-phishing techniques disguised as interview invitations, thereby gaining unauthorized access to sensitive information. This strategy was detailed in the VB2023 paper, providing the cybersecurity community with valuable insights into the group's methods and objectives.

SharpTongue's activities are part of a broader pattern of behavior for Kimsuky, which has been previously linked to other cyber espionage operations such as the Stolen Pencil campaign. This history of involvement in cyberattacks underscores the seriousness of the threat posed by this group. The continued use of Chromium-based browser extensions for cyber espionage purposes indicates a high level of technical expertise and adaptability, reinforcing the need for ongoing vigilance and robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Kimsuky | 1 | Kimsuky, a threat actor linked to North Korea, has been identified as the perpetrator behind a series of advanced persistent threat (APT) attacks. The group is known for its malicious activities, which typically involve cyber espionage and targeted attacks on high-profile entities. Recently, Kimsuky
STOLEN PENCIL | 1 | The STOLEN PENCIL operation, first reported in May 2018, was a cyber espionage campaign potentially originating from the Democratic People's Republic of Korea (DPRK). The threat actor, known as Kimsuky, targeted academic institutions using spear-phishing tactics for initial intrusion. This involved
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sharptongue Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | "German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting"
CERT-EU | 9 months ago | "Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors"
CERT-EU | a year ago | "North Korean hackers plot Gmail theft attacks via Chrome extension | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting"