Overview of AhnLab’s Response to “Korea-Germany Joint Cyber Security Advice”
On March 20, Korea’s National Intelligence Service (NIS) and Germany’s Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, BfV) released a joint security advisory on the Kimsuky hacker group. According to the advisory, the group exploited the extension feature of Chromium browsers and the app developer support feature for Android in an attack campaign to steal account credentials. Although the primary targets are experts on the Korean Peninsula and North Korea, the advisory states that the campaign could expand to unspecified individuals around the world.
- Title: Warning on KIMSUKY Cyber Actor’s Recent Cyber Campaigns against Google’s Browser and App Store Services
- Security Advisory: Korea’s National Cyber Security Center (NCSC) Link
AhnLab detects the Indicator of Compromise (IoC) files published in the joint advisory as follows.
| IoC MD5 | Detection Name | Engine Version |
| --- | --- | --- |
| 012d5ffe697e33d81b9e7447f4aa338b | Configuration files are not targeted for detection | – |
| 51527624e7921a8157f820eb0ca78e29 | Backdoor/JS.Agent.SC182439 | 2022.11.02.03 |
| 582a033da897c967faade386ac30f604 | Backdoor/JS.Agent.SC182438 | 2022.11.02.03 |
| 04bb7e1a0b4f830ed7d1377a394bc717 | Android-Trojan/Kimsuky | 2022.10.27.00 |
| 89f97e1d68e274b03bc40f6e06e2ba9a | Android-Trojan/FastSpy | 2022.10.28.05 |
| 3458daa0dffdc3fbb5c931f25d7a1ec0 | Android-Trojan/Kimsuky | 2022.12.15.01 |