A North Korean hacking group has been attacking think tanks in the South through malware-laden blog posts.
In a new campaign, tracked since June 2021, the state-sponsored advanced persistent threat (APT) group has been attempting to plant malware designed for surveillance and theft on victim machines.
On Wednesday, researchers from Cisco Talos said the Kimsuky APT, also known as Thallium or Black Banshee, is responsible for the wave of attacks. In these attacks, malicious Blogspot content is being used to lure South Korea-based think tanks whose research focuses on political, diplomatic, and military topics pertaining to North Korea, China, Russia, and the US.
Specifically, geopolitical and aerospace organizations appear to be on the APT’s radar.