Threat Actor Profile

Kimsuky

Aliases
  • APT43
  • Archipelago
  • Black Banshee
  • THALLIUM
Origin
North Korea
Active Since
2012
Motivation
Espionage, Strategic intelligence collection, Financial activity supporting broader state objectives
Cause
Nation State
Recent Activity

Kimsuky, also tracked as Emerald Sleet, has been observed exploiting ScreenConnect vulnerabilities, particularly CVE-2024-1708 and CVE-2024-1709, to deploy ToddlerShark, a BabyShark-related malware variant.

Primary Targets
  • Genians
  • Organizations tied to foreign policy
  • Organizations tied to Korean Peninsula security issues
  • Organizations tied to nuclear policy
  • Organizations tied to sanctions
Target Locations
  • Europe
  • Japan
  • South Korea
  • United States
  • United Kingdom
Target Sectors
  • Manufacturing
  • Energy
  • Business Services
  • Government
  • Education
  • Technology
  • Finance
  • Credit Unions
Vulnerabilities

  • CVE-2015-2545
  • CVE-2017-0199
  • CVE-2018-8174
  • CVE-2022-30190
  • CVE-2025-0411
