Click below to access the threat report
In this report, we describe in detail many of the campaigns and behaviors associated with an actor operating on behalf of the North Korean government: TA406. We begin by explaining how TA406 is associated with the actor name Kimsuky, which is broadly tracked by the threat intelligence community. We then elaborate on how Proofpoint instead tracks this activity as three separate threat actors, TA406, TA408, and TA427, and detail the differences between those actors according to Proofpoint’s visibility.