BlueKeep Bleak: North Korea’s Kimsuky Strikes Again with RDP Exploit on South Korea and Japan

Kimsuky, a notorious North Korea-linked group, has been exploiting the BlueKeep RDP flaw (CVE-2019-0708, a pre-authentication remote code execution bug in the Remote Desktop service of older Windows versions) to infiltrate targets in South Korea and Japan. Like a cyber ninja, they've been sneaking into systems, installing spyware, and launching phishing attacks, all while avoiding detection. It's a digital heist that leaves no stone unturned, or un-hacked.


Hot Take:

It seems like Kimsuky just can’t resist a good old-fashioned ‘throwback attack,’ resurrecting the 2019 BlueKeep vulnerability like it’s a vintage vinyl record. Who knew cyber espionage had a retro phase?

Key Points:

  • Kimsuky, a North Korea-linked APT group, exploits the BlueKeep RDP vulnerability for initial access. BlueKeep is reachable before authentication, so any unpatched RDP listener that does not enforce Network Level Authentication is exposed.
  • The attack campaign, dubbed Larva-24005, also employs phishing and exploits older Microsoft Office vulnerabilities.
  • Once inside, attackers deploy MySpy, RDPWrap (which keeps RDP sessions available for the intruders), and keyloggers to maintain access and gather data.
  • Targeted regions include South Korea, Japan, and other international targets, focusing on sectors like software and energy.
  • Indicators of Compromise (IoCs) for these attacks have been published by ASEC researchers so defenders can hunt for them.
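Added example (not from the article and not ASEC's code): a quick triage script you can run in an elevated PowerShell session to see whether a Windows host offers the two things this campaign leans on, a BlueKeep-era RDP listener without NLA, and RDP Wrapper-style tampering with the Terminal Services service. The registry paths are the standard Windows RDP settings; the RDP Wrapper install path and the ServiceDll heuristic are assumptions based on how that tool is commonly deployed, not IoCs from the report. Patch status is deliberately not inferred from a KB number; confirm that against the vendor advisory for your build.

```powershell
# Host triage for BlueKeep (CVE-2019-0708) exposure and RDP Wrapper artifacts.
# Added illustration, not code from the article or from ASEC. Run elevated.

$findings = @()

# 1. Is the OS in the BlueKeep-affected family? Windows 8 / Server 2012 (build 9200)
#    and later were never vulnerable; Windows 7 / Server 2008 R2 (7601) and older were.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 9200) {
    $findings += "OS build $build is in the CVE-2019-0708 affected family; verify the May 2019 RDP fix is installed."
}

# 2. Is RDP enabled, and is Network Level Authentication enforced?
#    Without NLA an unauthenticated client reaches the vulnerable code path.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$rdpEnabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections -eq 0
$nlaEnabled = (Get-ItemProperty -Path $tcp -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication  -eq 1
if ($rdpEnabled -and -not $nlaEnabled) {
    $findings += "RDP is enabled without NLA: the pre-authentication RDP surface is reachable by any client."
}

# 3. RDP Wrapper-style tampering (assumption: the tool re-points TermService at its own DLL
#    and, by default, installs under 'C:\Program Files\RDP Wrapper').
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$svcDll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
if ($svcDll -and $svcDll -notmatch '\\termsrv\.dll$') {
    $findings += "TermService ServiceDll is '$svcDll' instead of termsrv.dll (RDP Wrapper-style hook)."
}
$wrapPath = 'C:\Program Files\RDP Wrapper\rdpwrap.dll'   # assumed default install location
if (Test-Path -Path $wrapPath) {
    $findings += "rdpwrap.dll present at $wrapPath."
}

# 4. The weak setting beside the corrected one. Applying the fix is left commented out
#    so the script stays read-only; uncomment after you have confirmed the host is in scope.
# Weak:    UserAuthentication = 0   (pre-auth RDP session allowed)
# Correct: UserAuthentication = 1   (CredSSP logon must succeed before a session exists)
# Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1

if ($findings.Count -eq 0) {
    'No BlueKeep / RDP Wrapper exposure indicators found on this host.'
} else {
    $findings
}
```

The script only reads state; it does not decide a host is compromised. A hit on step 3 means someone deliberately re-wired the RDP service, which is worth an incident ticket on its own, and a hit on steps 1 and 2 together is the exact precondition BlueKeep exploitation needs, so pair the output with the published ASEC IoCs when you go hunting.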

The Nimble Nerd