North Korea’s Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

Kimsuky, a North Korean threat actor, has been observed targeting research institutes in South Korea in a spear-phishing campaign aimed at distributing backdoors on compromised systems.

The threat actor ultimately uses the backdoor to obtain data and carry out instructions, according to an analysis published last week by the AhnLab Security Emergency Response Center (ASEC).

The attack chains begin with an import declaration lure, which is actually a malicious JSE file that contains a decoy PDF document, a Base64-encoded payload, and an obfuscated PowerShell script. The next step is to launch the backdoor by opening the PDF file as a distraction technique while
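
A defender-side static triage sketch for the lure layout described above, added here as an example and not taken from ASEC's analysis: it finds long Base64 runs in a script file, decodes them, labels each blob by its magic bytes, and notes whether the script references PowerShell. The 40-character threshold, the keyword list, the PE payload type, the function names and the sample script are assumptions, and the script text is assumed to be readable rather than Script Encoder-encoded.

```python
import base64
import binascii
import re

# Assumption: 40+ Base64 characters is long enough to be an embedded blob.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# PDF is the decoy type named in the article; PE ("MZ") is an assumed payload type.
MAGIC = {b"%PDF-": "pdf", b"MZ": "pe"}
# Assumed keyword list hinting that the script hands off to PowerShell.
PS_HINT = re.compile(r"powershell|-enc(odedcommand)?\b|frombase64string", re.I)


def classify(blob: bytes) -> str:
    """Label a decoded blob by its leading magic bytes."""
    for magic, kind in MAGIC.items():
        if blob.startswith(magic):
            return kind
    return "unknown"


def triage(script_text: str) -> dict:
    """Return decoded-blob kinds and sizes plus a PowerShell indicator."""
    embedded = []
    for match in B64_RUN.finditer(script_text):
        run = match.group(0).rstrip("=")
        run += "=" * (-len(run) % 4)  # restore padding before decoding
        try:
            blob = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue  # run was not valid Base64 after all
        embedded.append((classify(blob), len(blob)))
    return {"embedded": embedded, "powershell": bool(PS_HINT.search(script_text))}


def build_sample() -> str:
    """Constructed, inert sample mimicking the layout described in the article."""
    decoy = base64.b64encode(b"%PDF-1.7\n" + b"constructed decoy body " * 3).decode()
    payload = base64.b64encode(b"MZ" + bytes(64)).decode()
    return (
        f'var decoy = "{decoy}";\n'
        f'var payload = "{payload}";\n'
        'var cmd = "powershell.exe -EncodedCommand PLACEHOLDER";\n'
    )


if __name__ == "__main__":
    print(triage(build_sample()))
```

A script attachment that yields both a PDF blob and a second decodable blob alongside a PowerShell reference matches the pattern described here and warrants sandboxed analysis before anyone opens it.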
