9 matches found
Kimsuky targets organizations with PebbleDash-based tools
Over the past few months, we have conducted an in-depth analysis of specific activity clusters of Kimsuky aka APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Velvet Chollima, and Springtail, a prolific Korean-speaking threat actor. Our research revealed notable tactical shifts throughout...
Malicious code in @appleseed-apple/ac-sass-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
MAL-2026-2709 Malicious code in @appleseed-apple/ac-sass-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
Malicious code in @appleseed-apple/ac-sasskit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88124096765095b75d53f5129410a02db9d3966422e222d21b811aa0699ea725 The package @appleseed-apple/ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1376 Malicious code in @appleseed-apple/ac-sasskit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88124096765095b75d53f5129410a02db9d3966422e222d21b811aa0699ea725 The package @appleseed-apple/ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...
Kimsuky Group’s Intriguing Exploits with AppleSeed Malware
Summary: The Kimsuky group has been actively utilizing weaponized LNK files to deploy the AppleSeed malware. While the group typically relies on spear-phishing attacks for initial access, their recent campaigns have prominently featured the use of shortcut-type malware in LNK file format. AppleSe...
Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans
The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire,...
Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed t...
Kimsuky APT continues to target South Korean government using AppleSeed backdoor
This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December...