Kimsuky Targets South Korea with Advanced Malware and Social Engineering Tactics

Kimsuky Targets South Korea with Advanced Malware and Social Engineering Tactics

First seen 29 May 2026, 17:59 UTC ThehackernewsScworld 87% similarity 75.5

Article Content

Browse articles
ThreatCluster

North Korean hackers known as Kimsuky have launched a series of cyberattacks against South Korean military and corporate sectors during March and April 2026. The group utilized sophisticated social engineering tactics, including spoofed security software installation pages and fake Webex meeting invitations, to deliver malware. Notably, a variant of the HTTPSpy remote access trojan was disguised as legitimate security software. Kimsuky also employed new malware families such as HelloDoor and HttpMalice, alongside enhanced versions of existing malware like HappyDoor. The attacks impacted various sectors, including defense, government, and healthcare, demonstrating Kimsuky's adaptability and persistent threat. The group has been active since at least 2023, indicating a long-term campaign against South Korean entities. Current assessments highlight the ongoing risk posed by Kimsuky to critical infrastructure and sensitive data.

Key Points: • Kimsuky targeted South Korean military and corporate entities with advanced malware. • Attacks involved social engineering tactics like spoofed software and fake meeting invitations. • New malware variants include HelloDoor and enhanced versions of existing threats.

ThreatCluster AI

Timeline

2026-03-01
Kimsuky begins cyberattacks
Kimsuky initiated a series of targeted attacks against South Korean military and corporate entities using advanced tactics.
Scworld
2026-04-30
Malware variants identified
New malware families HelloDoor and HttpMalice were identified, expanding Kimsuky's arsenal.
Thehackernews
2026-05-29
Reports published on Kimsuky activity
Both Scworld and The Hacker News published reports detailing Kimsuky's recent cyberattacks and tactics.
Scworld

Community

Browse all →