Nation-State Actor
Emerald Sleet
North Korea • Active since 2012
Emerald Sleet is the same group as Kimsuky: North Korean hackers who pose as journalists or researchers to trick experts into giving up information or clicking malicious links.
Overview
Emerald Sleet is a North Korean threat actor focused on intelligence collection through social engineering and credential theft. They target experts and organizations with knowledge of North Korean policy issues.
Also Known As
Kimsuky, Thallium, Velvet Chollima, Black Banshee
Target Industries
Think Tanks, Academia, Government, Media, Policy Organizations
Target Regions
South Korea, United States, Europe, Japan
Tactics, Techniques & Procedures
- Impersonation of trusted entities
- Credential harvesting websites
- Malicious document attachments
- Browser extension compromise
Known Tools & Malware
BabyShark, KimJongRAT, Gold Dragon, AppleSeed
Notable Campaigns
Think Tank Targeting (2023)
Targeted policy experts studying North Korea with fake interview requests.
Academic Institution Compromise (2022)
Compromised academic institutions researching Korean peninsula issues.
MITRE ATT&CK Techniques
T1566.001, T1598.003, T1534, T1176
Defense Recommendations
1. Train policy experts on social engineering
2. Implement email authentication (DMARC/DKIM)
3. Monitor for BabyShark malware indicators