AhnLab
June 2023 Threat Trend Report on Kimsuky Group
Pages
14
Time to read
7 mins
Publication
Language
English
This document is a threat trend report focusing on the Kimsuky group for June 2023. It outlines observed activities, noting a slight increase in the number of fully qualified domain names (FQDNs) associated with the group compared to May. The report details specific attack types, including FlowerPower, RandomQuery, and AppleSeed, and discusses the changes in their distribution methods and features. For instance, RandomQuery has shifted to being distributed via .NET EXE files, while FlowerPower showed variations in its scripts. The report also includes statistics on attack types and mentions AhnLab's response to the identified threats, including detection names and engine version information. Additionally, it provides indicators of compromise (IOCs) such as file paths, names, and hashes related to the Kimsuky group's activities. The report is classified for public distribution, with specific usage guidelines outlined for different classifications.