The North Korean nation-state group Kimsuky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022.
Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to gather file lists, user keystrokes, and stored web browser login credentials.
Included among the potential victims are South Korean university professors, think tank researchers, and government officials.
Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is the name given to a prolific North Korean advanced persistent threat (APT) group that targets entities globally, but with a primary focus on South Korea, to gain intelligence on various topics of interest to the regime.
Known to be operating since 2012, the group has a history of employing social engineering tactics, spear-phishing, and watering hole attacks to exfiltrate desired information from victims.
Late last month, cybersecurity firm Volexity tied the actor to an intelligence-gathering mission designed to siphon email content from Gmail and AOL via a malicious Chrome browser extension dubbed Sharpext.