TA427

Threat Actor Profile Updated 3 months ago
TA427, also known as Emerald Sleet, APT43, THALLIUM or Kimsuky, is an active threat actor. According to an advisory published by Proofpoint, TA427 has been directly contacting foreign policy experts since 2023, soliciting their opinions on sensitive topics such as nuclear disarmament and US-South Korean policy through seemingly benign email conversations. This approach lets the group engage targets over extended periods, building rapport and gathering information without immediately resorting to malware or credential harvesting. In recent months TA427's activity has increased significantly, with a shift in tactics toward more sophisticated social engineering and frequent rotation of email infrastructure. More alarmingly, the group has begun exploiting lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to impersonate a range of personas, extending its reach and making its messages harder for targets to identify and counter. TA427's phishing campaigns are not limited to any single sector; they span think tanks, NGOs, media, academia and government, giving the group access to a wide array of valuable and sensitive information. Organizations in these sectors should stay vigilant and adopt robust cybersecurity measures to mitigate the risks posed by this evolving threat actor.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Kimsuky | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Proofpoint
Malware
Phishing
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the TA427 threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
InfoSecurity-magazine | 3 months ago | North Korean Group Kimsuky Exploits DMARC and Web Beacons