Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012.
Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus on classified information theft. The group typically delivers malware using social engineering, spearmail, and puddle attacks, and has a wide range of attack tactics, with weapons for both Windows and Android platforms. Summary of events A batch of malware similar to Kimsuky’s historical samples was recently discovered by the Qi’anxin Threat Intelligence Center. One of the samples releases software signed by Korean software vendor BlueMoonSoft to confuse victims.
Read more…
Source: Qi’anxin Threat Intelligence Center.
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Cyber criminals claim to have private information of 20 million people who signed up to Co-op’s membership
May 2, 2025
Cyber criminals have told BBC News their hack against Co-op is far more serious than the company previously admitted. Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee data. After being approached on Friday, a Co-op spokesperson said the hackers “accessed data relating to a significant ...
- Dating app Raw exposed users’ location data and personal information
May 2, 2025
A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were specific ...
- Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
May 1, 2025
In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on ...
- AI Agents are here. So are the threats.
May 1, 2025
Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security implications is critical. This article investigates ways attackers can target agentic applications, presenting nine concrete attack ...
- Harrods becomes latest retailer struck by cyberattack attempts
May 1, 2025
Harrods has become the latest retailer to be targeted by cyberattacks, which have struck Marks and Spencer and The Co-op this week. The luxury department store revealed it has had to take action against similar hacking attempts in recent days. In a statement shared with ITV News, Harrods said: “We recently experienced attempts to gain unauthorised ...
- Email Attacks Drive Record Cybercrime Losses in 2024
May 1, 2025
The FBI’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report. And it has revealed a record-breaking surge in cybercrime losses across the United States. Last year, total losses reached $16.6 billion, which is a 33% increase from the previous year. Email continues to be the most exploited attack vector, with cybercriminals using ...