Kimsuky was discovered by Google Mandiant researchers to have deployed spear-phishing attacks involving contract lures with U.S. defense contractors redirecting to fraudulent login pages spoofing those of a telecommunications firm and an email services provider that sought to exfiltrate Diehl Defence employee credentials.
Article Link: Diehl Defence reportedly attacked by Kimsuky APT | SC Media