Threat Trend Report on Kimsuky Group – July 2023 Posted By ahnlabti , September 11, 2023 The Kimsuky group’s activities in July 2023 showed that FlowerPower is gaining traction, and the group is simultaneously diversifying their attack methods. Additionally, there were no particular issues regarding AppleSeed and RandomQuery types as they are now less used. The BabyShark type to be described in detail further on this report will be included in the statistics from July thereon. ATIP_2023_Jul_Threat Trend Report on Kimsuky Group
Threat Trend Report on Kimsuky – May 2023 Posted By ahnlabti , July 7, 2023 The Kimsuky group’s activities in May 2023 had increased slightly in comparison to their activities in April. Also, new top-level domains (TLDs) have begun to be detected, and there were small changes to the codes. Figure 1. FQDN statistics by attack type in the last 3 months (Unit: each) ATIP_2023_May_Threat Trend Report on Kimsuky Group
Threat Trend Report on Kimsuky – April 2023 Posted By ahnlabti , June 9, 2023 The Kimsuky group’s activities in April 2023 showed a decline in comparison to their activities in March, falling under half the number of the previous month. Korean domains were used for FlowerPower like before without major changes, and the RandomQuery type also remained the same. Lastly, we confirmed that the domain responsible for distributing AppleSeed has been spreading the Google Chrome Remote Desktop setup script. Also, the dropper file and AppleSeed file used different argument values, which is a shift…
