Thrilled to share #Kimsuky's latest activity using TRANSLATEXT to focus on the South Korean education sector in an intelligence gathering effort. 🕵️♂️
https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
What caught our attention:
▶️ Found a Chrome extension on an attacker-controlled GitHub.
▶️ It snags cookies, screenshots, and even email passwords.
▶️ Can bypass security measures from email providers.
▶️ Uses a dead drop resolver to receive extra commands via a legitimate blog service.
▶️ Target confirmed: South Korean education sector linked to North Korea research.