intrusion-set--0ec2f388-bf0f-4b5c-97b1-fc736d26c25f.json

{
    "created_by_ref": "The MITRE Corporation",
    "external_references": [
        {
            "external_id": "G0094",
            "source_name": "mitre-attack",
            "url": "https://attack.mitre.org/groups/G0094"
        },
        {
            "source_name": "Kimsuky",
            "description": "(Citation: Securelist Kimsuky Sept 2013)"
        },
        {
            "source_name": "Velvet Chollima",
            "description": "(Citation: Zdnet Kimsuky Dec 2018)"
        },
        {
            "source_name": "EST Kimsuky April 2019",
            "url": "https://blog.alyac.co.kr/2234",
            "description": "Alyac. (2019, April 3). Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019."
        },
        {
            "source_name": "BRI Kimsuky April 2019",
            "url": "https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/",
            "description": "BRI. (2019, April). Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019."
        },
        {
            "source_name": "Securelist Kimsuky Sept 2013",
            "url": "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/",
            "description": "Tarakanov , D.. (2013, September 11). The \u201cKimsuky\u201d Operation: A North Korean APT?. Retrieved August 13, 2019."
        },
        {
            "description": "Cimpanu, C.. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. Retrieved August 26, 2019.",
            "url": "https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/",
            "source_name": "Zdnet Kimsuky Dec 2018"
        }
    ],
    "description": "[Kimsuky] is a North Korean-based threat group that has been active since at least September 2013. The group focuses on targeting Korean think tank as well as DPRK/nuclear-related targets. The group was attributed as the actor behind the Korea Hydro & Nuclear Power Co. compromise.(Citation: EST Kimsuky April 2019)(Citation: BRI Kimsuky April 2019)",
    "name": "Kimsuky",
    "type": "intrusion-set",
    "id": "intrusion-set--0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
    "aliases": [
        "Kimsuky",
        "Velvet Chollima"
    ],
    "modified": "2020-03-30T02:56:46.530Z",
    "created": "2019-08-26T15:03:02.577Z",
    "x_mitre_version": "1.1",
    "attribution": "North Korea",
    "sophistication": "minimal",
    "actor_type": "nation-state",
    "sectors": [
        "energy",
        "defense"
    ],
    "target_locations": [
        "South Korea"
    ],
    "primary_motivation": [
        "organizational gain"
    ],
    "goals": [
        "steal intellectual property",
        "obtain state secrets"
    ],
    "first_seen": "2013"
}