After establishing trust with targets through the spoofing of a South Korean government official, Kimsuky — also known as APT43, ARCHIPELAGO, Black Banshee, Velvet Chollima, and Thallium — proceeded to distribute spear-phishing emails with a PDF document and a link redirecting to a website with PowerShell and code execution instructions.
Advanced stealthy Astaroth phishing kit emerges
