I found some information on AlienVault's Open Threat Exchange regarding the activities of North Korean hackers, particularly the Kimsuky group, and their targeted phishing campaigns. However, I couldn't access the specific page you referred to. Here's what I discovered from the available sources on AlienVault:
Kimsuky Group's Operations: The Kimsuky group is known for its social engineering attacks, such as spear phishing. They have been observed to target individuals working in areas related to North Korea and foreign affairs.
Targeted Social Engineering Campaign: Researchers have tracked a campaign by this group against experts in North Korean affairs from the non-government sector. This campaign focuses on stealing email credentials, delivering reconnaissance malware, and stealing NK News subscription credentials.
Espionage Focus: Kimsuky, identified as a North Korean state-sponsored group, targets various organizations globally, including academics, think tanks, and news media outlets. It's part of North Korea’s Reconnaissance General Bureau (RGB).
Infrastructure Identification: Infrastructure likely associated with Kimsuky's targeted phishing attacks, which are suspected to be for espionage purposes, has been identified.
Campaign Targets and Objectives: The targets of Kimsuky's campaigns include North Korea-focused information services, human rights activists, and organizations supporting DPRK defectors. Their main objective is to conduct file reconnaissance and exfiltrate information using the RandomQuery malware for precise subsequent attacks.
While this information provides a broader context about the Kimsuky group's activities, it does not directly address the specific analysis of their phishing scams on Telegram. For more detailed information on the specific analysis you mentioned, you might want to directly access the AlienVault report or look for related cybersecurity analysis on platforms like Krebs on Security, The Hacker News, or other reputable cybersecurity news sources.
REFERENCES
- https://otx.alienvault.com/pulse/62348bd9b6a7b4a2162f4b20
- https://otx.alienvault.com/pulse/647ed2ebe2b603ef73deb40f
- https://otx.alienvault.com/pulse/646cda68d4a18bba1b9f8d81
- https://otx.alienvault.com/pulse/65773dc2466c7161e66b3d07
TAGS
APT, Lazarus Group