VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

Posted by    on   Mar 10, 2020

In September 2013, Kaspersky reported a new APT group it dubbed ‘Kimsuky’, which it linked to North Korea. The group, whose interests include South Korean industry, journalists and North Korean defectors, continues to be active: recent activity was analysed by Yoroi earlier this month.

Jaeki Kim. Kyoung-Ju Kwak and Min-Chang Jang from Financial Security Institute have been tracking the group and its various spear-phishing activities for years. In a paper presented at VB2019 in London, they detailed the tools and activities used by this group, some of which they were able to analyse through OpSec failures by the group.

Kimsuky-Figure 2.pngThe flow of malware used in spear-phishing attacks.

Today, we publish the researchers' paper in both HTML and PDF format.

VB2019-conference-paper.jpgKimsuky group: tracking the king of the spear-phishing

Read the paper (HTML)

Download the paper (PDF)


Are you tracking an APT group? Have you fought their targeting of your organisation? Why not submit a paper for VB2020 in Dublin, Ireland, the deadline for which is Sunday 15 March.



Latest posts:

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.