North Korean state-sponsored threat group Kimsuky has launched targeted cyber attacks against South Korean military and corporate organizations during March-April 2026. The campaign employs sophisticated social engineering techniques including spoofed security software pages and fake Webex meeting interfaces to deliver malware including HTTPSpy, HelloDoor, and VS Code tunnels.
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
