Unmasking Kimsuky APT Group’s New Wave of Malware: Devious North Korean Cyber Espionage Tactics

The Kimsuky APT group, believed to be backed by the North Korean state, has become an infamous name in the world of cyber espionage. This group targets government agencies, industry, and think tanks in South Korea to gather classified and sensitive information. In recent years, Kimsuky has been identified as a major actor in sophisticated cyber attacks, and one of its favored techniques for spreading malware is through CHM files.

The Kimsuky APT group is a cyber-espionage group that is believed to be associated with the North Korean regime. They have been known to target South Korean government, military, and nuclear websites, as well as international organizations and private-sector entities. They are also known to use social engineering tactics and spear-phishing attacks to gain unauthorized access to their targets’ networks and steal sensitive information.

Kimsuky APT is a North Korean state-backed hacking group that operates on behalf of the North Korean government for espionage purposes. The group primarily operates in South Korea, where it targets various organizations such as government agencies, industries, think tanks, and nuclear power operators. Kimsuky is known to use a variety of tactics to infiltrate these organizations, but their use of CHM files remains one of their favored methods.

Targets of Kim-suk-ky

Over the years, Kimsuky has targeted several agencies and organizations in South Korea, primarily to collect classified and sensitive information. These targets include:

1. South Korean think tanks.
2. Industry.
3. Nuclear power operators.
4. South Korean Ministry of Unification.

Period of operation

According to security experts, Kimsuky has been operating since 2012. Over time, the group has evolved from relatively simple tactics to more advanced methods.

Malware distribution through CHM files

The Kimsuky APT group has been using CHM files to distribute malware to targeted machines. These files are compressed HTML files that provide help materials, usually containing text, photos, and hyperlinks.

Attackers are known to use CHM files

The group uses phishing emails or other social engineering tactics to distribute these CHM files. They are sent as attachments with a subject line that appears relevant to the target users. Once the user clicks on the file, additional scripts are downloaded, which exfiltrate user information and install malware.

Information harvested from CHM files

Kimsuky uses CHM files to harvest user information such as passwords or account details. They can also download and install additional malware or create a backdoor to maintain access to the victim’s computer.

Based on the analysis of multiple attacks executed in May, security researchers found that Kimsuky used different subjects, such as cryptocurrency, tax accounting, and contracts in distributed files, instead of North Korean-related topics. The goal of diversifying the content is to make the malware more convincing to the victim and harder to detect.

The group chose the subject matter for CHM files based on current events or topics relevant to the target field to make them more appealing to the victims. The report shows a deeper level of planning in the group’s malware campaigns.

CHM files

A CHM file is a compressed HTML file that provides help material. It can contain text, photos, and hyperlinks. They are created to provide help and support to users of various software and applications.

Tactics used to trap victims

Kimsuky uses a variety of tactics to trap victims. They use document disguises to trick users into executing the malware and take advantage of their susceptibility, making them fall prey to the cyber threat.

Document disguises

The group disguises CHM files as documents, such as contracts, invitations, or tenders. Users may become victims and click on the document to execute the malware, assuming it came from a legitimate source.

Users’ susceptibility to falling prey

Kimsuky takes advantage of users’ habits of engaging with the software they think they need support with. They assume that the user will click on the link and execute the help window to get assistance without due caution.

Execution of Malware

Once the user clicks on the CHM file, additional scripts are downloaded to exfiltrate user information and install malware, including backdoors, Trojans, and other sophisticated types of malware.

Downloading additional scripts

The group downloads additional scripts or malware to silently harvest the targeted user’s data.

Exfiltration of user information

The Kimsuky group exfiltrates sensitive information such as passwords, account information, and other credentials for malicious use.

Prevention measures

Users must carefully check the senders of emails and refrain from opening files from unknown sources. They should also perform routine checks on their computers and update their security software to the latest version.

Verifying email sources

The first step is to verify that the email source and attachments are legitimate, and that you are expecting them.

Use caution when opening unknown files

Never click on unknown or unexpected attachments downloaded from the internet, as they may contain malware or viruses that can harm your PC.

Regular PC checks and updated security software

Regular PC checks help identify and remove any malware or suspicious files from the device. Users should keep their security software updated to prevent any breaches.

The Kimsuky APT group continues to employ sophisticated techniques to infiltrate various organizations, with CHM files being one of their primary tools. Their diverse clickbait content and document disguises provide a deeper level of planning in their campaigns. Users must be aware of the risk levels and potential vulnerabilities of the CHM file format, and they need to be vigilant while communicating and using such files for support and assistance. Implementing better protection measures will help safeguard users and ensure the security of their data.

Explore more

How Is AI Revolutionizing Payroll in HR Management?

Imagine a scenario where payroll errors cost a multinational corporation millions annually due to manual miscalculations and delayed corrections, shaking employee trust and straining HR resources. This is not a far-fetched situation but a reality many organizations faced before the advent of cutting-edge technology. Payroll, once considered a mundane back-office task, has emerged as a critical pillar of employee satisfaction

AI-Driven B2B Marketing – Review

Setting the Stage for AI in B2B Marketing Imagine a marketing landscape where 80% of repetitive tasks are handled not by teams of professionals, but by intelligent systems that draft content, analyze data, and target buyers with precision, transforming the reality of B2B marketing in 2025. Artificial intelligence (AI) has emerged as a powerful force in this space, offering solutions

5 Ways Behavioral Science Boosts B2B Marketing Success

In today’s cutthroat B2B marketing arena, a staggering statistic reveals a harsh truth: over 70% of marketing emails go unopened, buried under an avalanche of digital clutter. Picture a meticulously crafted campaign—polished visuals, compelling data, and airtight logic—vanishing into the void of ignored inboxes and skipped LinkedIn posts. What if the key to breaking through isn’t just sharper tactics, but

Trend Analysis: Private Cloud Resurgence in APAC

In an era where public cloud solutions have long been heralded as the ultimate destination for enterprise IT, a surprising shift is unfolding across the Asia-Pacific (APAC) region, with private cloud infrastructure staging a remarkable comeback. This resurgence challenges the notion that public cloud is the only path forward, as businesses grapple with stringent data sovereignty laws, complex compliance requirements,

iPhone 17 Series Faces Price Hikes Due to US Tariffs

What happens when the sleek, cutting-edge device in your pocket becomes a casualty of global trade wars? As Apple unveils the iPhone 17 series this year, consumers are bracing for a jolt—not just from groundbreaking technology, but from price tags that sting more than ever. Reports suggest that tariffs imposed by the US on Chinese goods are driving costs upward,