February 1, 2023
Severity
High
Analysis Summary
Kimsuky is a North Korean advanced persistent threat (APT) group, also known as “Black Banshee”. The group has been active since at least 2012 and is believed to be state-sponsored. Kimsuky is known for conducting cyber espionage operations and targeting organizations and individuals in various countries, including South Korea, Japan, and the United States. The group has been observed using various techniques to compromise their targets, such as phishing attacks, malware infections, and supply chain attacks. The group’s ultimate goals and motivations are not well understood, but they are generally believed to be focused on intelligence gathering and political or economic gain. The tactics, techniques, and procedures (TTPs) used by the Kimsuky APT group are constantly evolving, but some of their most commonly used methods include:
- Phishing attacks: The group has been known to send phishing emails that contain malicious attachments or links to compromised websites.
- Malware infections: Kimsuky has been observed using various types of malware, including remote access trojans (RATs), backdoors, and wiper malware.
- Supply chain attacks: The group has been known to compromise legitimate software or websites in order to distribute malware to a wider audience.
- Lateral movement: Once the group has compromised a target, they use techniques such as network scanning, password cracking, and privilege escalation to move laterally within the victim’s network.
- Data exfiltration: Kimsuky has been observed using various methods to steal data from its targets, including command-and-control servers, cloud storage services, and removable media.
Impact
- Data Theft and Espionage
- Sensitive Data Exposure
Indicators of Compromise
MD5
- 9bef135ad78f1cc980556008af92f385
SHA-256
- 38640d508c137d0e05c6d34d6bf5618095baed364482baef908fe1d7b2310e15
SHA-1
- d5a3cc7a429560cf0ef6379f07e1da341c9cf673
URL
http://hkisc.co.kr/gnuboard4/bbs/img/upload/list.php?query=1
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
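The two IOC-search steps above (hash matching on disk, URL matching in proxy or DNS logs) can be scripted for a quick sweep. The following Python is an added example written for this alert, not tooling from Rewterz; it embeds the MD5, SHA-1, SHA-256 and URL listed in the Indicators of Compromise section, and the proxy log lines it scans are constructed sample data (the log format, the directory layout and the host-level match on hkisc.co.kr are assumptions of the example). The host match is deliberately broader than the exact URL, so that a different path or query string on the same host is still flagged for review.

```python
import hashlib
import os
import re
from urllib.parse import urlparse

# IOCs copied from the advisory above (MD5, SHA-1 and SHA-256 of the same sample).
IOC_HASHES = {
    "9bef135ad78f1cc980556008af92f385",
    "d5a3cc7a429560cf0ef6379f07e1da341c9cf673",
    "38640d508c137d0e05c6d34d6bf5618095baed364482baef908fe1d7b2310e15",
}
IOC_URL = "http://hkisc.co.kr/gnuboard4/bbs/img/upload/list.php?query=1"


def file_digests(path):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single chunked read."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, ioc_hashes=IOC_HASHES):
    """Walk a directory tree; return paths whose MD5/SHA-1/SHA-256 is in ioc_hashes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue  # unreadable file (permissions, race): skip, do not abort the sweep
            if ioc_hashes & set(digests.values()):
                hits.append(path)
    return hits


_URL_RE = re.compile(r"https?://[^\s\"']+")


def scan_proxy_log(lines, ioc_url=IOC_URL):
    """Return (line_no, url) for every log line carrying the IOC URL or its host.

    Matching on the hostname as well as the full URL catches the same server
    being contacted with a different path or query string.
    """
    ioc_host = urlparse(ioc_url).hostname
    hits = []
    for n, line in enumerate(lines, 1):
        for url in _URL_RE.findall(line):
            if url == ioc_url or urlparse(url).hostname == ioc_host:
                hits.append((n, url))
                break  # one hit per line is enough for triage
    return hits


# Constructed sample proxy log lines (assumed format, not from the advisory).
SAMPLE_LOG = [
    "2023-02-01T09:14:02Z 10.0.0.12 GET http://example.org/index.html 200",
    "2023-02-01T09:14:05Z 10.0.0.12 GET http://hkisc.co.kr/gnuboard4/bbs/img/upload/list.php?query=1 200",
    "2023-02-01T09:14:09Z 10.0.0.17 GET http://hkisc.co.kr/gnuboard4/bbs/img/upload/list.php?query=2 200",
]

if __name__ == "__main__":
    for n, url in scan_proxy_log(SAMPLE_LOG):
        print(f"log line {n}: {url}")
    for path in scan_tree("."):
        print(f"hash match: {path}")
```

Run it from a directory you want swept; `scan_tree` hashes every regular file beneath it, and `scan_proxy_log` can be pointed at real log lines by replacing `SAMPLE_LOG`. Treat a hostname-only hit as something to review rather than an automatic block decision.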