Intel Name: The Coordinated Embassy Hunt: Unmasking the DPRK-Linked GitHub C2 Espionage Campaign
Date of Scan: August 19, 2025
Impact: High
Summary: A research center uncovered a DPRK-linked espionage campaign targeting diplomatic missions in South Korea in early 2025. Between March and July, at least 19 spear-phishing attacks impersonated trusted contacts to lure embassy staff. Attackers used GitHub for covert C2 communications and cloud platforms like Dropbox to deliver XenoRAT malware. Infrastructure links tie the operation to the Kimsuky group, matching known DPRK espionage tools and servers.