January 2023 Threat Trend Report on Kimsuky Group

Overview

The Kimsuky group’s activities in January 2023 differed little from previous months, and there were no notable issues. However, AppleSeed and a tunneling program called ngrok were found being distributed through a legitimate Korean website. The Fully Qualified Domain Names (FQDNs) identified were mainly of the FlowerPower, AppleSeed, and RandomQuery types.

 

Attack Statistics

As in the 2022 Threat Trend Report on Kimsuky Group published on February 27, FQDNs of the FlowerPower type were the most prevalent, followed by the RandomQuery and AppleSeed types. Most of the FQDNs do not appear to have been used in attacks yet.

According to AhnLab Smart Defense (ASD), AhnLab’s malware threat analysis and cloud diagnosis system, the targeted industries were mainly universities; no other targets have been identified.

 


AhnLab MDS detects and responds to unknown threats by performing sandbox-based dynamic analysis. For more information about the product, please visit our official website.

The post January 2023 Threat Trend Report on Kimsuky Group appeared first on ASEC BLOG.

Article Link: https://asec.ahnlab.com/en/51461/