Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:46:43 UTC
Home > List all groups > List all tools > List all groups using tool ReconShark
 Tool: ReconShark
Names ReconShark
Category Malware
Type Reconnaissance
Description
(SentinelOne) The ability of ReconShark to exfiltrate valuable information, such as deployed
detection mechanisms and hardware information, indicates that ReconShark is part of a
Kimsuky-orchestrated reconnaissance operation that enables subsequent precision attacks,
possibly involving malware specifically tailored to evade defenses and exploit platform
weaknesses.
Information
Last change to this tool card: 21 June 2023
Download this tool card in JSON format
All groups using tool ReconShark
Changed Name Country Observed
APT groups
 Kimsuky, Velvet Chollima 2012-Aug 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b612f8bc-506d-4e5b-b78d-cba0b6a9b570
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b612f8bc-506d-4e5b-b78d-cba0b6a9b570
Page 1 of 1