Home

White Paper

Kimsuky’s Phishing and Payload Tactics

Kimsuky’s Phishing and Payload Tactics

Rapid7
Pages 18 Pages

Kimsuky, a North Korea–backed APT group, relies on phishing and social engineering to steal credentials and gain mailbox access. They build trust with victims through multiple email exchanges, spoofed domains, and permissive DMARC exploitation, and have also used Facebook for phishing. Payloads include LNK, CHM, and MSC files with obfuscated PowerShell, JavaScript, and VBScript for in-memory execution. Malware families like BabyShark, AppleSeed, and AlphaSeed enable data theft and remote access. Persistence is achieved via run keys, services, and scheduled tasks. Despite modest technical skill, Kimsuky’s adaptability and social engineering make them a persistent global threat.

Join for free to read

You Might Also Like


Zscaler ThreatLabz 2024 Phishing Report
Report Zscaler ThreatLabz 2024 Phishing Report
Zscaler

How AI is Changing the Phishing Landscape
Guide How AI is Changing the Phishing Landscape
Darktrace

Phishing test
Case Study Phishing test
LIFARS

Key Insights on Phishing Trends in the AI Era | Zscaler
Report Key Insights on Phishing Trends in the AI Era | Zscaler
Zscaler

More from Rapid7


Managed Digital Risk Protection
Vendor Sheet Managed Digital Risk Protection
Rapid7

Remediation Services Overview
Ebook Remediation Services Overview
Rapid7

Putting MITRE ATT&CK to Work In Your SOC
Vendor Sheet Putting MITRE ATT&CK to Work In Your SOC
Rapid7

2024 TAKE COMMAND SUMMIT BY NUMBERS
Infographic 2024 TAKE COMMAND SUMMIT BY NUMBERS
Rapid7
© 2025 Contentree.  All Rights Reserved   |   Privacy and Cookies   |   Legal   |   Do not sell my info