North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems.
“Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a cyberattack by the North Korean hacking group Kimsuky targeting Diehl Defence,” reported Der Spiegel. “The hackers used fake, lucrative job offers from U.S. arms suppliers to deceive Diehl employees. By clicking on a malicious PDF, victims would unknowingly download malware, allowing the hackers to spy on their systems.”
A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43) is conducting a broader cyber campaign targeting Germany, and that other German organizations have also been targeted as part of this ongoing campaign.
The Kimsuky cyberespionage group (aka Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The APT group mainly targets think tanks and organizations in South Korea; other victims were in the United States, Europe, and Russia.
In May 2024, Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir. The malware is a version of the GoBear backdoor, which Kimsuky delivered in a recent campaign via Trojanized software installation packages.
In December 2023, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against the North Korea-linked APT group Kimsuky.
Pierluigi Paganini
(SecurityAffairs – hacking, Kimsuky)