Kimsuky's secret stealing activities in the first half of 2021

released on 2021-07-27 @ 09:09:42 AM
Kimsuky is an APT organization located in North Korea, also known as Mystery Baby, Baby Coin, Smoke Screen, BabyShark, and Cobra Venom, among other names. It was first disclosed by Kaspersky in 2013. The organization has long targeted South Korean think tanks, government diplomacy, and news organizations. In the past few years, it has expanded its targets to countries including the United States, Russia, and Europe. Its main purpose is intelligence theft and espionage. The organization is very active. Its commonly used attack payloads are HWP files that carry vulnerability exploits, documents with malicious macros, and PE files that drop payloads.

Across Kimsuky's activities in the first half of 2021, the main targets were still South Korea's government diplomacy, national defense industry, university professors, and think tanks. The attacks were still mainly based on spear-phishing emails carrying decoy documents. At the same time, the group also actively used current events of wide public interest as bait.