Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)
Overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution
Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)
Recently, the AhnLab SEcurity intelligence Center (ASEC) confirmed the phishing email attack case where the Kimsuky group disguised their attack as a request for paper review from a professor. The email prompted the recipient to open a HWP document file with a malicious OLE object attachment. The document was password-protected,
2023 Dec. – Threat Trend Report on Kimsuky Group
Overview The Kimsuky group’s activities in December 2023 showed an overall decrease in comparison to November, but phishing (ETC) domains increased by almost threefold with all the others showing a slight decrease. Attack Statistics Compared to November, the number of fully qualified domain names (FQDNs) decreased slightly
