Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage

Summary: The North Korean APT group Kimsuky has intensified its cyber espionage efforts through sophisticated spear-phishing campaigns and custom-made tools like an RDP Wrapper. This report details Kimsuky's strategic use of compromised shortcut files and advanced malware for maintaining access and exfiltrating sensitive information. Their evolving tactics showcase a notable shift towards stealthier methods of remote system control.

Affected: Various organizations targeted by Kimsuky

Key points:

  • Kimsuky uses spear-phishing campaigns with malicious shortcut files disguised as legitimate documents to infiltrate systems.
  • The group has developed a custom RDP Wrapper to ensure stealthy remote access and has methods to bypass security detection.
  • Keyloggers and proxy malware are employed for information theft and to facilitate connections to compromised machines within private networks.

Source: https://securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/