"Kimsuky Hackers Use New Recon Tool to Find Security Gaps"

In a global cyber espionage campaign, the North Korean hacking group Kimsuky has been observed using a new version of its reconnaissance malware, now known as ReconShark. According to Sentinel Labs, the threat actor is now targeting government organizations, research organizations, universities, and think tanks in the US, Europe, and Asia. South Korean and German authorities issued a warning in March 2023 that Kimsuky, also known as Thallium and Velvet Chollima, had begun distributing malicious Chrome extensions targeting Gmail accounts and an Android spyware that served as a Remote Access Trojan (RAT). Previously, in August 2022, researchers found another Kimsuky campaign targeting South Korean politicians, diplomats, university professors, and journalists using a multi-stage target validation scheme to ensure that only valid targets would be infected with malware. This article continues to discuss the history of the Kimsuky hacking group and its use of a new version of its reconnaissance malware ReconShark. 

Bleeping Computer reports "Kimsuky Hackers Use New Recon Tool to Find Security Gaps"