FlagThis

The Kimsuky APT group is actively employing a custom-built RDP Wrapper and proxy tools to gain unauthorized access to infected machines, enabling persistent cyber espionage. This involves spear-phishing tactics and the distribution of malicious shortcut files disguised as legitimate documents. AhnLab’s ASEC team has released a blog post detailing additional malware used in these attacks. This highlights the group’s evolving tactics and persistent threat to organizations.