ORFA A.I CyberSecurity Scoring
ORFA
Company Information
Website:https://orfamerica.org
Employees number:29
Number of followers:8,312
NAICS:54172
Industry Type:Think Tanks
Homepage:orfamerica.org
ORFA Risk Score (AI oriented)
Between 700 and 749
ORFAThink Tanks
Updated:
04/04/2026
04/04/2026
734/1000
Moderate
Ba
ORFA Global Score (TPRM)
xxxx
ORFAThink Tanks
Score locked

ORFAModerate
Current Score
734Ba (MODERATE)
01000
1 incidents
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
736
JUNE 2026
736
MAY 2026
735
APRIL 2026
735
MARCH 2026
734
FEBRUARY 2026
733
JANUARY 2026
733
DECEMBER 2025
733
NOVEMBER 2025
749
Cyber Attack
06 Nov 2025 • ORFA
Government entities and think tanks (targeted by Kimsuky)
Kimsuky Multi-Stage Malware Campaign Leveraging VS Code Extensions and GitHub for C2
732
CRITICAL-17
OBS1093010110625
Security researchers uncovered a sophisticated multi-stage attack campaign by Kimsuky, a North Korean state-sponsored threat group, targeting government agencies and think tanks. The attack leveraged Visual Studio Code extensions, GitHub, and compromised subdomains (e.g., *iuh234.medianewsonline[.]com*) as command-and-control (C2) infrastructure to deploy ransomware and reconnaissance malware. The infection chain began with a JavaScript file (*Themes.js*), which downloaded secondary payloads to harvest system details, running processes, and files from the *Users* directory. Collected data was exfiltrated via encoded cabinet files using certutil (a Living-Off-The-Land Binary) to evade detection. Persistence was established via a scheduled task (*Windows Theme Manager*), ensuring long-term access even after reboots. The campaign demonstrated espionage-focused tactics, with attackers conducting extensive system reconnaissance before potential ransomware deployment. The use of legitimate platforms (GitHub, VS Code extensions) for C2 and social engineering lures (e.g., *E-CARD.docx*) highlights the group’s ability to bypass traditional defenses. The attack poses severe risks to national security, sensitive government data, and critical infrastructure, with implications for geopolitical stability if high-value intelligence is compromised.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
749
SEPTEMBER 2025
749
AUGUST 2025
749
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for ORFA ??
What was ORFA's A.I Rankiteo Cyber Score in June 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in May 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in April 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in March 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in February 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in January 2026 ??
What was ORFA's A.I Rankiteo Cyber Score in December 2025 ??
What was ORFA's A.I Rankiteo Cyber Score in November 2025 ??
What was ORFA's A.I Rankiteo Cyber Score in October 2025 ??
What was ORFA's A.I Rankiteo Cyber Score in September 2025 ??
What was ORFA's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on ORFA's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with ORFA ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view ORFA's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?