Kimsuky APT43 Cryptocurrency Operations
Kimsuky cryptocurrency theft operations funding intelligence collection, targeting crypto exchanges and financial platforms.
Start date: 1 January 2021
End date: —
Techniques: 15
Attributed actors
Techniques (15)
command-and-control (2)
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
credential-access (2)
T1552.001 Credentials In Files
T1555 Credentials from Password Stores
discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (2)
T1059.003 Windows Command Shell
T1059.001 PowerShell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1566.002 Spearphishing Link
T1078 Valid Accounts
T1566.001 Spearphishing Attachment
persistence (2)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
privilege-escalation (2)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
reconnaissance (1)
T1598.003 Spearphishing Link
stealth (2)
T1078 Valid Accounts
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.