Kimsuky is believed to be a North Korean-based threat group who has been operating since the latter half of 2013 with many campaigns being attributed to the group. The group is also known by other names including Velvet Chollima and Black Banshee. Kimsuky employs common social engineering tactics, spearphishing, and watering hole attacks to exfiltrate desired information from victims. Kimsuky usually conducts its intelligence collection activities against individuals and organizations in South Korea, Japan, and the United States. Kimsuky focuses its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.
Information theft and espionage