Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)
Recently, the AhnLab SEcurity intelligence Center (ASEC) confirmed a phishing email attack in which the Kimsuky group disguised their attack as a request for paper review from a professor. The email prompted the recipient to open an HWP document file with a malicious OLE object attachment. The document was password-protected,
2023 Dec. – Threat Trend Report on Kimsuky Group
Overview: The Kimsuky group’s activities in December 2023 showed an overall decrease in comparison to November, but phishing (ETC) domains increased almost threefold, with all the others showing a slight decrease. Attack Statistics: Compared to November, the number of fully qualified domain names (FQDNs) decreased slightly
Kimsuky Group Uses ADS to Conceal Malware
AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Stream (ADS) to hide their malware. This malware is an Infostealer that collects data by starting the VBScript included inside an HTML file. It can be characterized by its tendency to add the actual
Kimsuky Group Distributes Malware Disguised as Profile Template (GitHub)
AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of a malicious Word file disguised as a profile template via emails impersonating a certain professor. ‘[Attachment] Profile Template.doc’ is the filename of the password-protected Word file that was discovered, with the password itself being included in the body of

