Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
Briefly

Zscaler ThreatLabz identified Kimsuky's use of the TRANSLATEXT Chrome extension to steal sensitive information targeting South Korean academia. The extension can collect email addresses, usernames, passwords, cookies, and browser screenshots.
Kimsuky, associated with the Lazarus cluster and North Korea's Reconnaissance General Bureau (RGB), has been conducting cyber espionage and financially motivated attacks since at least 2012. The group recently weaponized a Microsoft Office security flaw (CVE-2017-11882) to drop espionage tools and execute secondary payloads.
CyberArmor highlighted Kimsuky's new backdoor named Niki that allows basic reconnaissance and remote control. The group initiates attacks through spear-phishing and social engineering, using deceptive ZIP archives containing malicious files.
Kimsuky's recent activities have targeted aerospace and defense sectors utilizing job-themed lures. The group's tactics involve leveraging security flaws for espionage, emphasizing the need for robust cybersecurity measures.
Read at The Hacker News