TA427
Actor Type | Nation State |
---|---|
Attributed to Nation | North Korea |
Directly Linked Intrusion Sets | Kimsuky |
Associated Threat Actor | North Korean Reconnaissance General Bureau |
Associated MITRE ATT&CK Group | Kimsuky (G0094) |
TA427 is an intrusion set tracked by researchers at Proofpoint, who link it to North Korea (the Democratic People's Republic of Korea) and specifically to the Reconnaissance General Bureau. The group is commonly known as Kimsuky as well as Emerald Sleet, APT43 and THALLIUM.
According to Proofpoint, TA427 uses long-term social engineering to gain information on issues which are strategically important to the North Korean regime.
TA427 uses think-tank and other non-government organization personas with custom lures to contact targets whilst appearing legitimate. The group has been observed abusing DMARC alongside typosquatting, email account spoofing and web beacons.
TA427 Threat Reports
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
This blog post from Proofpoint's Threat Research Team details the TA427 group who they link to Kimsuky and attribute to North Korea. TA427 conduct ...