
Kimsuky Uses SharpExt To Gather Intelligence From Stolen Email

August 22, 2022

The threat actor tracked as Kimsuky continues to deliver booby-trapped documents laced with browser extension malware to its targets.
Once received and executed, the malicious Hangul Word Processor (HWP) files communicate with the threat-actor-controlled C2 to retrieve the SharpExt browser extension, which is used to steal emails and attachments from victims in the United States, South Korea, and Europe.