What is Kimsuky? 🤔

A deep dive into the next big APT to hit the threat landscape [View this email in your browser]( Brought to you by... Connect. Configure. Control. See how Drata simplifies compliance management. [Drata]( automates evidence collection with 80+ integrations and monitors risk 24/7 for 14+ frameworks. Whether it’s SOC 2, ISO 27001, GDPR, or HIPAA, you can stay compliant without the messy, manual work. Book a demo and see why companies like Notion and Lemonade choose Drata to streamline their compliance programs. Plus, [Packt]( readers get 10% off and waived implementation fees. [REQUEST A DEMO]( SecPro Special Issue: Who is Kimsuky? Hello! We've noticed an increase in activity from a specific threat actor group which didn't make it into our top ten APTs. So, as a little treat, we've decided to launch an investigation into them. Introducing: Kimsuky, North Korean hackers known for targeting their southern neighbors. And for anyone who missed our survey in issue #101, check it out below! We'd love to know what you're studying and how the Packt team can help you. Cheers! [Austin Miller]( Editor in Chief [TAKE THIS WEEK'S SURVEY!]( [_secpro]( [Packt _secpro Newsletter]( [The _secpro Website]( [Kimsuky - Another Notorious North Korean hacker gang]( In the vast landscape of cyber threats, one name keeps cropping up: Kimsuky. This APT has been involved in an ongoing cyber campaign that has targeted South Korean think tanks, government organizations, and human rights activists. They use a highly sophisticated reconnaissance toolkit to gather valuable information and exploit vulnerabilities. But the most important questions for cybersecurity pros: who are they? How do they operate? Should I be worried? Let's find out. For a full breakdown on the Kimsuky threat actor group, why not check out these articles by industry leaders? - [SentinelOne - Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit]( - [ASEC - Kimsuky Group Using Meterpreter to Attack Web Servers]( - [MITRE ATT&CK - Kimsuky]( - [CISA - North Korean Advanced Persistent Threat Focus: Kimsuky]( - [MalwareBytes - Kimsuky APT continues to target South Korean government using AppleSeed backdoor (2021)]( Have You Tried..? So many tools, so little time to try them. While you try out [this week's tutorial for Autopsy]( why not take a look at some similar things we've been trying out this week? - [markmckinnon/Autopsy-Plugins]( - A whole range of Python-based plugins to change up Autopsy. - [bannsec/autopsy_docker]( - Docker for Autopsy. What it says on the tin. - [saraferreirascf/Photo-and-video-manipulations-detector]( - Plugins specifically designed for noticing photo and video shenanigans. - [NoelV11/DFIR-Training]( - A comprehensive walkthrough on how to use Autopsy and get the most out of the toolkit [FORWARDED THIS EMAIL? SIGN UP HERE]( [NOT FOR YOU? UNSUBSCRIBE HERE]( Copyright © 2023 Packt Publishing, All rights reserved. As a GDPR-compliant company, we want you to know why you’re getting this email. The _secpro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _secpro, you can opt out of our emails using the unsubscribe link below. Our mailing address is: Packt Publishing Livery Place, 35 Livery StreetBirmingham, West Midlands, B3 2PB United Kingdom [Add us to your address book]( Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.