Summary: K7 Labs recently analyzed cyber tactics utilized by the North Korean APT group Kimsuky, shedding light on their use of malicious scripts and payloads in recent campaigns. The analysis reveals a sophisticated infection chain designed to exfiltrate sensitive information while evading detection. Key tactics include phishing, malware infections, and the use of dynamic obfuscation techniques to bypass security measures.
Affected: Organizations and systems targeted by Kimsuky, notably those in South Korea, Japan, and the U.S.
Key points:
- Kimsuky employs a range of tactics including phishing, malware infections, and supply chain attacks for data exfiltration.
- The infection begins with a ZIP file containing a VBScript and PowerShell script that uses obfuscation to evade detection.
- Functions within the PowerShell script handle data exfiltration and keylogging, and check the system environment to avoid running under analysis.
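A detection-side illustration of the chain described above (archive, VBScript host, obfuscated PowerShell), as an added example that is not from K7 Labs' analysis. It assumes Sysmon-style process-creation fields (`parent`, `image`, `cmdline`), uses constructed events, and treats Explorer's `Temp\Temp1_<name>.zip\` extraction path as an indicator by assumption.

```python
import re

# Constructed Sysmon-style process-creation events (not real telemetry) modelling
# the chain: ZIP archive -> VBScript host -> obfuscated PowerShell child.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\AppData\Local\Temp\Temp1_report.zip\report.vbs"'},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop -ep bypass -enc SQBFAFgA"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Suspicious PowerShell switches; matched case-insensitively, abbreviations included.
PS_INDICATORS = {
    "encoded_command": re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\b"),
    "hidden_window":   re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden\b"),
    "no_profile":      re.compile(r"(?i)(?:^|\s)-nop(?:rofile)?\b"),
    "bypass_policy":   re.compile(r"(?i)(?:^|\s)-e(?:p|xecutionpolicy)\s+bypass\b"),
}
# Assumed indicator: script launched straight out of Explorer's temporary ZIP view.
TEMP_ZIP_PATH = re.compile(r"(?i)\\Temp\\Temp1_[^\\]+\.zip\\")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def powershell_indicators(cmdline):
    """Names of suspicious switches present on a PowerShell command line, in table order."""
    return [name for name, rx in PS_INDICATORS.items() if rx.search(cmdline)]

def detect(events):
    """Return (event index, reasons) for events that merit analyst review."""
    hits = []
    for i, ev in enumerate(events):
        reasons = []
        img, parent = basename(ev["image"]), basename(ev["parent"])
        if img in SCRIPT_HOSTS and TEMP_ZIP_PATH.search(ev["cmdline"]):
            reasons.append("script host run from temporary ZIP extraction folder")
        if img == "powershell.exe":
            if parent in SCRIPT_HOSTS:
                reasons.append("powershell spawned by script host")
            found = powershell_indicators(ev["cmdline"])
            if len(found) >= 2:  # one switch alone is common in legitimate admin scripts
                reasons.append("obfuscation-style switches: " + ", ".join(found))
        if reasons:
            hits.append((i, reasons))
    return hits
```

The first two constructed events are flagged (ZIP-hosted VBScript, then a hidden, encoded PowerShell child of wscript), while the plain `-File` backup script is not.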