Tag: North Korea linked Kimsuky

North Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

Kimsuky, also known as Black Banshee, Emerald Sleet, or Springtail, is a threat actor associated with North Korea that has been observed changing its tactics. It now uses Compiled HTML Help (CHM) files as delivery vectors to distribute malware that harvests sensitive data. Active since at least 2012, Kimsuky is known to target entities in South Korea, North America, Asia, and Europe. According to Rapid7, its attack chains have used Windows shortcut (LNK) files, ISO files, and weaponized Microsoft Office documents. The group has also been known to use CHM files to deploy malware on compromised computers. Based on similar tradecraft observed in the past, the cybersecurity firm has attributed the activity to Kimsuky with moderate confidence.