Scworld
Kimsuky Targets South Korea with Advanced Malware and Social Engineering Tactics
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
North Korean hackers known as Kimsuky have launched a series of cyberattacks against South Korean military and corporate sectors during March and April 2026. The group utilized sophisticated social engineering tactics, including spoofed security software installation pages and fake Webex meeting invitations, to deliver malware. Notably, a variant of the HTTPSpy remote access trojan was disguised as legitimate security software. Kimsuky also employed new malware families such as HelloDoor and HttpMalice, alongside enhanced versions of existing malware like HappyDoor. The attacks impacted various sectors, including defense, government, and healthcare, demonstrating Kimsuky's adaptability and persistent threat. The group has been active since at least 2023, indicating a long-term campaign against South Korean entities. Current assessments highlight the ongoing risk posed by Kimsuky to critical infrastructure and sensitive data.
Key Points: • Kimsuky targeted South Korean military and corporate entities with advanced malware. • Attacks involved social engineering tactics like spoofed software and fake meeting invitations. • New malware variants include HelloDoor and enhanced versions of existing threats.