Sparkling Pisces

Malware updated 14 days ago (2024-10-17T13:04:13.310Z)
Download STIX
Preview STIX
Sparkling Pisces, also known as Kimsuky, APT43, Emerald Sleet, and THALLIUM, is a North Korean Advanced Persistent Threat (APT) group notorious for its intelligence collection efforts and use of cybercrime to fund espionage. Discovered by Unit 42 researchers, this group has been linked to multiple malware strains and campaigns, demonstrating a complex and ever-evolving infrastructure. The group's proficiency in advanced spear-phishing attacks and sophisticated cyberespionage operations underscores the serious threat it poses. In their latest research, the Unit 42 team identified two previously undocumented malware samples tied to Sparkling Pisces. These findings further illuminate the group's continuously evolving toolkit and intricate infrastructure. The newly discovered malware exhibits code and behavioral similarities with a variant described in ASEC's 2022 research. It shares several characteristics, including naming conventions of additional downloaded modules and logs, with Sparkling Pisces's KGHSpy backdoor, which was initially uncovered in 2020. Interestingly, the new malware uses an unknown Uniform Resource Identifier (URI) pattern not observed in any other associated Sparkling Pisces malware, indicating a potential evolution in their methodology. This development underlines the group's relentless pursuit of innovation and sophistication in their cyber-attack strategies. As such, understanding and monitoring Sparkling Pisces remains crucial in combating cyber threats and safeguarding digital assets.
Description last updated: 2024-10-17T12:18:20.929Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Kimsuky is a possible alias for Sparkling Pisces. Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked Advanced Persistent Threat (APT) group first identified by Kaspersky researchers in 2013. The group has been involved in various cyber espionage activities against global targ
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Sparkling Pisces Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more