Kimsuky is a apt_group tracked across 38 threat clusters and 72 intelligence report mentions on ThreatCluster. First observed October 24, 2025; most recent activity June 3, 2026.
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
The North Korean hacking group Kimsuky is utilizing generative AI to create malware aimed at South Korean government systems, as reported by Kaspersky on May 14, 2026. The malware, named HelloDoor, is a Rust-based…
North Korean hackers known as Kimsuky have launched a series of cyberattacks against South Korean military and corporate sectors during March and April 2026. The group utilized sophisticated social engineering tactics,…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
A security breach at the Bitcoin DeFi protocol Alex Lab has impacted customers of Shanghai Pudong Development Bank (SPD Bank). The incident, which occurred on June 6, 2025, resulted in the loss of approximately $8.3…
North Korean state-backed hackers, specifically the Kimsuky group, have initiated a targeted campaign against pharmaceutical and life science companies. The attackers utilize weaponized Excel files, disguised as…
In early 2026, the North Korea-linked Kimsuky threat group executed at least four spear-phishing campaigns targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. The…
North Korea-linked hackers from the Konni group executed a spear-phishing campaign utilizing the KakaoTalk messaging platform to distribute malware and steal sensitive information. The campaign involved sending emails…
North Korea's cyber program has transitioned to a modular malware strategy, moving away from monolithic malware families to a more fragmented ecosystem. This change is a response to years of international sanctions, law…