Kimsuky Archives • Daily CyberSecurity

Kimsuky HttpSpy Malware Campaign Exploits Networks via Deceptive Overlays

Kimsuky HttpSpy malware campaign JSONPing execution check

Kimsuky HttpSpy Malware Campaign Exploits Networks via Deceptive Overlays

Do Son June 3, 2026

The ENKI Whitehat Threat Research Team recently exposed an advanced cyber espionage operation. Specifically, the notorious Kimsuky...

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling Kimsuky HelloDoor Backdoor VSCode Tunneling Espionage

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling

Do Son May 20, 2026

The prolific Korean-speaking threat actor known as Kimsuky is executing a major tactical evolution, incorporating modern programming...

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

Do Son April 29, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

North Korea’s “Portfolio Model” Shatters Modern Attribution Attribution Resistance DPRK Cyber Portfolio

North Korea’s “Portfolio Model” Shatters Modern Attribution

Do Son April 10, 2026

North Korea’s cyber program has moved past the era of accidental growth into a period of “mature...

The Python Pivot: Kimsuky’s New Multi-Stage LNK Maze for Stealthy Backdoors Kimsuky Multi-stage LNK

The Python Pivot: Kimsuky’s New Multi-Stage LNK Maze for Stealthy Backdoors

Do Son April 8, 2026

The notorious Kimsuky threat group is refining its arsenal, shifting toward more complex, multi-stage execution chains to...

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK DPRK Cyber Ecosystem, Unified Hacking Infrastructure

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK

Do Son December 22, 2025

A new collaborative investigation has exposed the intricate and overlapping infrastructure powering North Korea’s most notorious cyber...

North Korea’s Kimsuky Upgrades DOCSWAP Malware to Hijack Smartphones via QR Codes Chinese espionage groups APT35 Phishing, Stormshield CTI

North Korea’s Kimsuky Upgrades DOCSWAP Malware to Hijack Smartphones via QR Codes

Do Son December 22, 2025

The notorious North Korean threat group Kimsuky has launched a renewed mobile offensive, deploying an evolved version...

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE/PowerShell Based on Windows Defender Status threat group Earth Koshchei

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE/PowerShell Based on Windows Defender Status

Do Son November 25, 2025

A newly published investigation by the ENKI WhiteHat Threat Research Team reveals a rapidly expanding and increasingly...

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

Do Son November 10, 2025

The North Korean advanced persistent threat (APT) group Kimsuky has once again emerged with a new, JavaScript-driven...

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Do Son November 3, 2025

Researchers at Gen Threat Labs have identified two new toolsets in active use by North Korean state-sponsored...

Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign

Do Son September 16, 2025

The Genians Security Center (GSC) has uncovered a new spear-phishing campaign by the North Korean threat group...

Kimsuky APT Is Using Social Engineering and AppleSeed Malware to Spy on South Korea Exploited VMware

Kimsuky APT Is Using Social Engineering and AppleSeed Malware to Spy on South Korea

Do Son September 5, 2025

The Genians Security Center (GSC) has published a detailed analysis of a new Advanced Persistent Threat (APT)...

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud

Do Son August 26, 2025

Last week, the leak site DDoSecrets.com published a data dump allegedly from a workstation of a threat...

Spies in Plain Sight: How North Korean Hackers Used GitHub to Attack Embassies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Spies in Plain Sight: How North Korean Hackers Used GitHub to Attack Embassies

Do Son August 20, 2025

The Trellix Advanced Research Center has uncovered a wide-reaching espionage operation targeting diplomatic missions in South Korea,...

Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group

Do Son August 14, 2025

Recently, the North Korean hacking group Kimsuky suffered a breach resulting in the leak of 8.9 GB...

Kimsuky APT Escalates Cyberespionage with Stealthy LNK Files & Reflective Malware Payloads Kimsuky APT, Cyberespionage

Kimsuky APT Escalates Cyberespionage with Stealthy LNK Files & Reflective Malware Payloads

Do Son August 5, 2025

A new report from Aryaka Threat Research Labs has disclosured one of the most technically sophisticated and...

ClickFix Unmasked: How North Korea’s Kimsuky Group Turned PowerShell into a Weapon of Psychological Deception

Do Son July 1, 2025

In its latest threat intelligence report, the Genians Security Center (GSC) has uncovered a new evolution in...

North Korean Hackers Exploit GitHub and Dropbox in Targeted Spearphishing Attacks CVE-2024-3393 - Zservers sanctions

North Korean Hackers Exploit GitHub and Dropbox in Targeted Spearphishing Attacks

Do Son June 24, 2025

A new report from EnkiWhiteHat has unveiled a sophisticated cyber espionage operation that leverages GitHub private repositories,...

Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance

Do Son June 18, 2025

The North Korean threat actor Kimsuky has been spotted deploying yet another advanced phishing campaign—this time leveraging...

Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media

Do Son June 10, 2025

In its latest Advanced Persistent Threat (APT) campaign, Kimsuky, a North Korea-linked group, has returned with an...

Critical Alert 1 Active Exploit Detected Today