Kimsuky

VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group

While monitoring Kimsuky-related malware, the ASEC analysis team recently discovered that VNC malware was being installed via the AppleSeed remote control malware. VNC (Virtual Network Computing) is a screen sharing system for remotely controlling other computers. Like the commonly used RDP, it is used to remotely access and control other systems. The Kimsuky group installs the AppleSeed backdoor on the target system after the initial compromise, then additionally installs VNC malware via AppleSeed to ultimately control the target system in…

Malware with the Filename kakaoTest.exe, Possibly Developed by Kimsuky

The ASEC analysis team has been keeping an eye on the trend of malware used in APT attacks that rely on Word documents, and sharing its findings on the blog. The team has found additional malicious files that use the same code as the malware created from document files such as ‘Constitution Day International Academic Forum.doc’ and ‘28th North Korea-South Korea Relations Experts Discussion***.doc’, which the Kimsuky group developed and distributed and which were mentioned in the previous post. More information will be shared below. The…

Attack Cases Using Metasploit Meterpreter

Metasploit is a framework used in penetration testing. It is a tool that can be used to inspect the networks and systems of companies and organizations for security vulnerabilities, providing various features for each penetration test stage. Like Cobalt Strike, it provides the features necessary for each stage, from creating various types of payloads for the initial infection and stealing account information to dominating the system via lateral movement. While Cobalt Strike is commercial software, its cracked version is leaked and used…