TA406

Threat Actor Profile Updated 2 months ago
TA406, also known as the Konni Group or Kimsuky, is a state-sponsored cybercrime organization based in North Korea. This threat actor has been implicated in numerous cyber espionage activities targeting entities such as news media organizations, academic institutions, and think tanks. The group gained notoriety for sophisticated attacks that often involve integrating malware into software installation processes. In one notable instance, the group obtained installer packages for Statistika KZU and incorporated the Konni malware into the installation process. In June 2023, U.S. and South Korean intelligence agencies issued warnings about cyber espionage attacks by Kimsuky. These alerts were directed at news media organizations, academic entities, and think tanks, highlighting the group's broad range of targets. The group has also been observed using commodity Remote Access Trojans (RATs) alongside custom Gold Dragon backdoors, further demonstrating its technical capabilities and malicious intent. More recently, in February 2024, TA406 was reported to have targeted Russia, compromising an installer for software used by the Russian Ministry of Foreign Affairs. The attack deployed the Konni RAT backdoor, also known as UpDog, which triggered an infection sequence when the trojanized installer was opened. This incident underscores the group's ongoing threat and its ability to infiltrate high-level government systems, emphasizing the need for robust cybersecurity measures against such advanced persistent threats.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID (votes): Profile Description

KONNI (2 votes): Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin

Konni Group (2 votes): The Konni Group, also known as TA406, is a threat actor believed to be associated with North Korean cyberespionage activities. According to cybersecurity firm DuskRise, the group has been involved in sophisticated cyberattacks, including one where they compromised a foreign ministry email account to

Updog (1 vote): None

Thallium (1 vote): Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No

ScarCruft (1 vote): ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int

Kimsuky (1 vote): Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Malware, State Sponso..., Cybercrime, Rat
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the TA406 Threat Actor was read from the documents corpus below. This display is limited to 20 results.

Source (created at): Title

CERT-EU (4 months ago): The latest cyberattacks (5 March 2024) • Cybersécurité OSINT
BankInfoSecurity (5 months ago): North Korean Group Seen Snooping on Russian Foreign Ministry
CERT-EU (5 months ago): Konni RAT deployed via backdoored Russian government tool installer
CERT-EU (a year ago): Anonymous Sudan claims DDoS attacks against Microsoft Outlook
CERT-EU (a year ago): Target of North Korean APT attack spills details of recent Kimsuky campaign
CERT-EU (a year ago): Kimsuky Strikes Again: New Campaign Targets Credentials and Intelligence