Targeting of Google Chrome users in the United States, South Korea, and Europe, particularly those involved in research into North Korean affairs

Cyber Operations Home

Targeting of Google Chrome users in the United States, South Korea, and Europe, particularly those involved in research into North Korean affairs

Date of report

June 2024

Affiliations

Kimsuky

Zscaler observed Kimsuky leveraging a malicious version of a Google Chrome extension, which Zscaler named “Translatext,” to steal information. The extension allows Kimsuky to bypass popular email servers’ security measures and access users’ inboxes.

Suspected victims

Google Chrome users in the United States, South Korea, and Europe, particularly those involved in research into North Korean affairs

Suspected state sponsor

Korea (Democratic People's Republic of)

Type of incident

Espionage

Target category

Civil society

Victim government reaction

Unknown

Policy response

Unknown

Kimsuky Deploys Translatext, Targetting South Korean Academia

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events