March Threat Intelligence Summary
e2e-assure
Redefining modern SOC services through UK-based 24x7x365 Managed Threat Detection and Response.
Over the last few weeks we have been observing renewed activity from the North Korea-attributed threat activity group ‘Kimsuky’, also tracked as APT43 (Mandiant), Velvet Chollima (CrowdStrike) and Emerald Sleet (Microsoft), as has the threat research team at Securonix, who have uncovered an espionage and theft campaign targeting South Korean entities. Dubbed ‘DEEP#GOSU’, the campaign uses an attack chain that leverages cloud services, Dropbox for downloading staged malware and Google Docs for command and control (C2), alongside advanced living-off-the-land and AV evasion techniques.
Kimsuky & DEEP#GOSU
Kimsuky, officially known as the Kim Suky Group, is a North Korean state-sponsored threat activity group recognised for its cyber espionage operations. This group has been active since at least 2012 and primarily targets South Korean government entities, although its operations have expanded globally, focusing on security, foreign policy, and economic interests that could be beneficial to the North Korean government.
Common Cyber Attack Techniques used by Kimsuky:
The group is known for its focus on gathering intelligence related to foreign policy and national security issues, as well as stealing sensitive information from sectors such as military, political and research organisations.
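As an added illustration, not code from e2e-assure or the Securonix report, the Python below sketches a detection for the DEEP#GOSU pattern described above: script hosts and other living-off-the-land binaries connecting to Dropbox or Google Docs domains, and hosts where the same script host has touched both (staging plus C2). The log format, host names, process list and domain list are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Constructed proxy/EDR log lines (not from the report), simple key=value format.
SAMPLE_LOGS = """\
2024-03-12T09:14:02Z host=WS-017 user=jlee process=chrome.exe dest=www.dropbox.com:443
2024-03-12T09:14:40Z host=WS-017 user=jlee process=powershell.exe dest=dl.dropboxusercontent.com:443
2024-03-12T09:15:05Z host=WS-017 user=jlee process=powershell.exe dest=docs.google.com:443
2024-03-12T09:16:11Z host=WS-022 user=mpark process=outlook.exe dest=outlook.office365.com:443
2024-03-12T09:17:30Z host=WS-017 user=jlee process=wscript.exe dest=docs.google.com:443
"""

# Assumed lists for this example: script hosts / LOLBins that rarely need consumer
# cloud storage, and the cloud domains the report says DEEP#GOSU abused.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
CLOUD_SUFFIXES = ("dropbox.com", "dropboxusercontent.com", "docs.google.com")
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"process=(?P<proc>\S+) dest=(?P<dest>[^:\s]+):(?P<port>\d+)$")

@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    process: str
    dest: str

def domain_matches(dest):
    """True if dest is one of the watched domains or a subdomain of one."""
    d = dest.lower()
    return any(d == s or d.endswith("." + s) for s in CLOUD_SUFFIXES)

def detect(log_text):
    """One Alert per script-host -> watched-cloud-domain connection."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not fit the assumed format
        rec = m.groupdict()
        if rec["proc"].lower() in SCRIPT_HOSTS and domain_matches(rec["dest"]):
            alerts.append(Alert(rec["ts"], rec["host"], rec["proc"].lower(), rec["dest"].lower()))
    return alerts

def hosts_with_stage_and_c2(alerts):
    """Hosts where a script host reached both Dropbox (staging) and Google Docs (C2)."""
    seen = {}
    for a in alerts:
        kind = "docs" if a.dest.endswith("docs.google.com") else "dropbox"
        seen.setdefault(a.host, set()).add(kind)
    return sorted(h for h, kinds in seen.items() if kinds == {"docs", "dropbox"})
```

Browser and mail-client traffic to the same domains is deliberately ignored, so the rule stays quiet on legitimate use and fires only on the process-to-destination pairing the campaign relies on.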
To read the full Kimsuky breakdown and the complete March Threat Intelligence report, see: https://e2e.lg-cms.com/wp-content/uploads/2024/03/Threat-Intel-March-24.pdf