Threats Tagged 'korean nts'
View all threats tagged with 'korean nts'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'korean nts'
Click on any threat for detailed analysis and mitigation recommendations
A Third Vultr Seoul Box: 60+ Kimsuky Domains, 18 Months of DDNS Rotation, and a 5-Year Infrastructure Trail 0 This analysis documents a third Vultr Seoul VPS (158.247.210.58) associated with Kimsuky operations, featuring over 60 domains across an 18-month period of systematic credential harvesting infrastructure. The actor demonstrates deliberate rotation through seven DDNS providers to evade blocklisting while maintaining the same backend VPS since at least September 2020. The domains systematically impersonate Naver, Korean National Tax Service (HomeTax), and government portals using prefixes like nid-user, n-store, nts-auth, and htax-login. Currently, 31 domains actively resolve while web ports remain closed, indicating a parked and ready operational posture. The infrastructure sits in AS20473 alongside two previously documented Vultr Seoul boxes, demonstrating the actor's clear preference for this provider and geographic proximity to South Korean targets. Join the discussion | AlienVault OTX General | 04/28/2026, 08:06:27 UTC Added: 04/28/2026, 14:21:52 UTC |
Showing 1 to 1 of 1 result