Application security, Threat Intelligence, Phishing

Human rights activists targeted in Kimsuky malware campaign


The North Korea-linked Kimsuky hacking group has launched a new social engineering campaign targeting activists in the North Korean human rights and anti-North Korea sectors, The Hacker News reports.


According to a report by South Korean cybersecurity firm Genians, the attack diverges from typical email-based phishing tactics, instead using fake Facebook accounts to approach targets via Messenger.

Posing as a public official in the North Korean human rights field, the attackers trick victims into opening malicious documents hosted on OneDrive. These decoy documents are designed to appear as legitimate essays or content related to significant political events. The files are Microsoft Common Console documents (.msc) that are further disguised with a Word icon. Upon opening, they initiate a command sequence that connects to a server controlled by the attackers, executing further commands to establish persistence and gather information from the victim’s system. The gathered data is then exfiltrated to the command-and-control server.
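For defenders triaging downloads, the disguise described above can be checked by content rather than by icon or file name. The following is an added example, not code from Genians or from this article: it assumes console files are XML with an `MMC_ConsoleFile` root, and the `Icon`/`File` and `Task`/`Type`/`Command` names are assumptions about the console schema; the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal console document with a Word-like icon
# source and one command-line taskpad entry (benign placeholder values).
SAMPLE = b"""<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0">
  <VisualAttributes><Icon Index="0" File="winword.exe"/></VisualAttributes>
  <ConsoleTaskpads><ConsoleTaskpad><Tasks>
    <Task Type="CommandLine" Command="cmd.exe"/>
  </Tasks></ConsoleTaskpad></ConsoleTaskpads>
</MMC_ConsoleFile>"""


def triage_console_file(filename: str, data: bytes) -> list[str]:
    """Return findings for a downloaded file; an empty list means no flag."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return findings  # not XML, so not a console document
    if root.tag != "MMC_ConsoleFile":
        return findings
    findings.append("content is an MMC console document")

    # The name shown to the user may not admit what the file really is.
    if not filename.lower().endswith(".msc"):
        findings.append("extension hides console type: " + filename)

    # Assumed schema: Icon elements carry a File attribute naming the
    # binary the icon is taken from.
    for icon in root.iter("Icon"):
        source = icon.get("File", "")
        if source and "mmc" not in source.lower():
            findings.append("custom icon source: " + source)

    # Assumed schema: taskpad entries of Type="CommandLine" start a program
    # when the user clicks them.
    for task in root.iter("Task"):
        if task.get("Type") == "CommandLine":
            findings.append("taskpad runs command: " + task.get("Command", "?"))
    return findings


if __name__ == "__main__":
    for line in triage_console_file("essay.docx", SAMPLE):
        print(line)
```
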

The campaign's tactics align with previous Kimsuky activities, such as those involving the ReconShark malware.
