Kimsuky targets organizations with PebbleDash-based tools
ID: 32c01988-e4d9-57d4-8969-e6d329085aef
STIX ID: report--32c01988-e4d9-57d4-8969-e6d329085aef
Feed Name: Securelist by Kaspersky
Kaspersky analyzed ongoing Kimsuky (APT43) campaigns showing the evolution of the PebbleDash and AppleSeed clusters: targeted spear-phishing with JSE/EXE/SCR/PIF droppers that deliver backdoors (HelloDoor, httpMalice, httpTroy) and loaders (MemLoad); post-exploitation using legitimate tools (VSCode Remote Tunneling, DWAgent); use of tunneling services and hijacked or free South Korean domains for C2; and detailed IoCs (file hashes, domains) and behavioral indicators tied to operations against South Korean public and private sector entities and select international defense targets.
