Sparkling Pisces

Malware entry updated 2024-09-26T15:00:54.066Z
Sparkling Pisces, also known as Kimsuky, THALLIUM, or Velvet Chollima, is a North Korean Advanced Persistent Threat (APT) group known for sophisticated cyberespionage operations and advanced spear phishing attacks. Unit 42 researchers identified two malware samples used in the group's campaigns. Sparkling Pisces' infrastructure is complex and continuously evolving, overlapping across multiple malware strains and campaigns. The infrastructure observed in this campaign uses a Uniform Resource Identifier (URI) pattern that has not been seen in any other malware associated with this group. Based on code and behavioral characteristics, the malware shows significant similarities to a variant described in ASEC's research from 2022. These similarities extend to the naming conventions of additional downloaded modules and logs, as well as the malware's capabilities. The resemblance is particularly noticeable when compared with Sparkling Pisces' KGHSpy backdoor, discovered in 2020. Unit 42's latest findings reveal another facet of Sparkling Pisces' infrastructure and two additional threats in its toolkit, highlighting the continuous evolution of the group's tools and its ever-changing infrastructure. By understanding the mechanics of these pieces of malware and the methods employed by Sparkling Pisces, organizations can better prepare for and defend against such threats.
Description last updated: 2024-09-26T14:16:11.324Z
Possible Aliases / Cluster overlaps
Kimsuky (2 votes): Kimsuky is a possible alias for Sparkling Pisces. Kimsuky, also known as Sparkling Pisces or APT43, is a threat actor linked to North Korea that has been involved in sophisticated cyberespionage operations. The group is notorious for its advanced spear phishing attacks and has recently been observed targeting victims via Messenger. Most of the targ
Miscellaneous Associations
Other elements of context that could aid in identifying relevance: Malware, APT