Threat Intelligence, Phishing

Kimsuky sets sights on Japanese organizations

Share
Computer keyboard, close-up button of the flag of North Korea.

BleepingComputer reports that North Korean state-sponsored hacking operation Kimsuky has been noted by Japan's Computer Emergency Response Team Coordination Center to have targeted organizations across the country in March.

Attacks by Kimsuky commenced with the distribution of Japanese security and diplomatic organization-spoofing phishing emails with a malicious ZIP file, which when opened triggers malware compromise and system information exfiltration, according to a report from JPCERT/CC. Impacted devices confirmed to be legitimate user machines would then have a VBS file executed to facilitate the deployment of a keystroke and clipboard information logger, said JPCERT/CC. The findings follow a report from the AhnLab Security Intelligence Center detailing a Kimsuky attack involving the execution of a Compiled HTML Help file to deliver malware with more advanced obfuscation methods. Organizations have been urged to be more vigilant of CHM files that may be leveraged in malware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.