Threat Trend Report on Kimsuky – April 2023

The Kimsuky group’s activities in April 2023 showed a decline in comparison to their activities in March, falling under half the number of the previous month. Korean domains were used for FlowerPower like before without major changes, and the RandomQuery type also remained the same. Lastly, we confirmed that the domain responsible for distributing AppleSeed has been spreading the Google Chrome Remote Desktop setup script. Also, the dropper file and AppleSeed file used different argument values, which is a shift from the usual method of using identical ones. 

    1. FlowerPower
    2. RandomQuery
    3. AppleSeed
      1.  Found Using Chrome Remote Desktop
      2.  AppleSeed Using Two Argument Values

ATIP_2023_Apr_Threat Trend Report on Kimsuky Group

0 0 votes
Article Rating
Notify of

1 Comment
Inline Feedbacks
View all comments

[…] post Threat Trend Report on Kimsuky – April 2023 appeared first on ASEC […]