

Severity
High
Analysis Summary
Kimsuky is believed to be a North Korea-based threat group that has been operating since the latter half of 2013, with many campaigns attributed to it. The group is also known by other names, including Velvet Chollima and Black Banshee. Kimsuky employs common social engineering tactics, spearphishing, and watering hole attacks to exfiltrate the information it seeks from victims. Kimsuky usually conducts its intelligence collection activities against individuals and organizations in South Korea, Japan, and the United States, focusing on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.
Impact
Information theft and espionage
Indicators of Compromise
| Indicator | Value |
| --- | --- |
| Filename | KisaAndroidSecurity[.]apk |
| MD5 | 4626ed60dfc8deaf75477bc06bd39be7 |
| SHA-1 | a9ff1ebb548f5bba600d38e709ff331749fa9971 |
| SHA-256 | 2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2 |
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
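The second remediation step, searching the environment for the listed indicators, can be done with a small file-system sweep. The script below is an added example and is not Rewterz tooling; it embeds the hash values and filename from the table above, refangs the defanged filename (`[.]` to `.`) only so it can be compared against names on disk, and assumes that a dropped copy of the sample may keep that name. The `demo_sweep` function builds a throwaway directory with constructed files (a benign empty file and a placeholder that only shares the name, not the content, of the indicator) so the logic can be exercised without the real sample.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# IOC values copied from the advisory above. The filename is defanged there
# ("[.]"); it is refanged here only for matching against names on disk.
IOC_HASHES = {
    "md5": {"4626ed60dfc8deaf75477bc06bd39be7"},
    "sha1": {"a9ff1ebb548f5bba600d38e709ff331749fa9971"},
    "sha256": {"2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2"},
}
IOC_FILENAMES = {"KisaAndroidSecurity.apk"}  # assumption: dropped copy keeps this name


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file in one streaming pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def check_file(path):
    """Return a list of (indicator_type, value) matches for one file.

    A filename hit alone is weak evidence (a benign file can share the name);
    a hash hit identifies the exact sample from the advisory.
    """
    path = Path(path)
    matches = []
    if path.name in IOC_FILENAMES:
        matches.append(("filename", path.name))
    for algo, value in hash_file(path).items():
        if value in IOC_HASHES[algo]:
            matches.append((algo, value))
    return matches


def sweep(root):
    """Walk a directory tree; return {path: matches} for files that hit an IOC."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                matches = check_file(p)
            except OSError:
                continue  # unreadable file (permissions, vanished mid-walk): skip it
            if matches:
                hits[str(p)] = matches
    return hits


def demo_sweep():
    """Sweep a constructed directory and return (hits, digests of the empty file).

    The 'suspicious' file is a constructed placeholder that only shares the
    indicator's name; its content is not the real sample, so only a filename
    match is expected.
    """
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    suspicious = Path(root) / "KisaAndroidSecurity.apk"
    suspicious.write_bytes(b"constructed placeholder, not the real sample")
    benign = Path(root) / "notes.txt"
    benign.write_bytes(b"")
    return sweep(root), hash_file(benign)


if __name__ == "__main__":
    hits, _ = demo_sweep()
    for path, matches in hits.items():
        print(path, matches)
```

Point `sweep()` at the directories where an Android package would plausibly land (download folders, mail attachment caches, device backups) rather than at `/`; hashing every file under a large root is slow, and a filename-only hit should be confirmed by the hash columns before it is treated as a confirmed compromise.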