Summary: The North Korean APT group Kimsuky has intensified its cyber espionage efforts through sophisticated spear-phishing campaigns and custom-made tools like an RDP Wrapper. This report details Kimsuky's strategic use of compromised shortcut files and advanced malware for maintaining access and exfiltrating sensitive information. Their evolving tactics showcase a notable shift towards stealthier methods of remote system control.
Affected: Various organizations targeted by Kimsuky
Keypoints:
- Kimsuky uses spear-phishing campaigns with malicious shortcut files disguised as legitimate documents to infiltrate systems.
- The group has developed a custom RDP Wrapper to ensure stealthy remote access and has methods to bypass security detection.
- Keyloggers and proxy malware are employed for information theft and to facilitate connections to compromised machines within private networks.
Source: https://securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/