Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
Jun 28, 2024
Cyber Espionage / Cyber Attack
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames, passwords, cookies, and browser screenshots. The targeted campaign is said to have been directed against South Korean academia, specifically those focused on North Korean political affairs. Kimsuky is a notorious hacking crew from North Korea that's known to be active since at least 2012, orchestrating cyber espionage and financially motivated attacks targeting South Korean entities. A sister group of the Lazarus cluster and part of the Reconnaissance General Bureau (RGB), it's also tracked under the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velv