Kimsuky
Also known as: Velvet Chollima, Black Banshee, Thallium, APT43, Emerald Sleet, Springtail, TA427, TA406, ARCHIPELAGO
Tracked threats
- ASEC April 2026 APT Trend Report (South Korea) — Kimsuky-Aligned LNK/PowerShell/AutoIt Spear-Phishing with PubNub C2, GitHub-Hosted HTA & XenoRAT (5 Infection Types) — HIGH
- Kimsuky CHM Dropper / VBScript Stager / PowerShell Keylogger Kill Chain Recovered from Live C2 (api_reference.chm, check.nid-log.com) — HIGH
- GuptiMiner — North Korean (Kimsuky/APT43) Supply Chain Attack Hijacking eScan Antivirus HTTP Updates via AitM — CRITICAL
Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier).