The North Korean state-sponsored threat actor Kimsuky is actively targeting South Korean military and corporate entities using advanced social engineering and novel tools like HTTPSpy, HelloDoor, and VS Code Tunnels.
The North Korean state-sponsored threat group Kimsuky (also known as Velvet Chollima) has been attributed to a series of sophisticated cyber attacks conducted against South Korean military and corporate organizations during March and April 2026. The group utilizes tailored social engineering tactics, including spoofing security software installation pages and crafting fake Webex meeting pages to gain unauthorized access and further expand its operational reach. New tools such as HTTPSpy, HelloDoor, and VS Code Tunnels have been deployed as part of their expanded cyber arsenal.