Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered

In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware, and thousands of stolen credentials.

This leak offers an unprecedented window into the group’s espionage toolkit, revealing how Kimsuky conducts phishing campaigns, maintains persistence, and evades detection within critical networks across South Korea, the U.S., Japan and Europe.

This post is licensed under CC BY 4.0 by the author.