Overview of AhnLab’s Response to “Korea-Germany Joint Cyber Security Advice”

On March 20, Korea’s National Intelligence Service (NIS) and Germany’s Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, BfV) released a joint security advisory on the Kimsuky hacker group. According to the advisory, the group exploited the extension feature of Chromium browsers and the app developer support feature for Android in an attack campaign to steal account credentials. The group’s primary targets are experts on the Korean Peninsula and North Korea, but the advisory states that the campaign could expand to unspecified individuals around the world.

  • Title: Warning on KIMSUKY Cyber Actor’s Recent Cyber Campaigns against Google’s Browser and App Store Services
  • Security Advisory: Korea’s National Cyber Security Center (NCSC) Link

AhnLab detects the Indicator of Compromise (IoC) files published in the joint advisory under the following detection names.

| IoC MD5 | Detection Name | Engine Version |
|---|---|---|
| 012d5ffe697e33d81b9e7447f4aa338b | Configuration files are not targeted for detection | |
| 51527624e7921a8157f820eb0ca78e29 | Backdoor/JS.Agent.SC182439 | 2022.11.02.03 |
| 582a033da897c967faade386ac30f604 | Backdoor/JS.Agent.SC182438 | 2022.11.02.03 |
| 04bb7e1a0b4f830ed7d1377a394bc717 | Android-Trojan/Kimsuky | 2022.10.27.00 |
| 89f97e1d68e274b03bc40f6e06e2ba9a | Android-Trojan/FastSpy | 2022.10.28.05 |
| 3458daa0dffdc3fbb5c931f25d7a1ec0 | Android-Trojan/Kimsuky | 2022.12.15.01 |

Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IoCs and detailed analysis information.
