Kimsuky Strikes Again: North Korean Hackers Unleash ForceCopy Stealer in Cyber Espionage Blitz!
Researchers at the AhnLab Security Intelligence Center (ASEC) have identified North Korea’s Kimsuky APT group using spear-phishing attacks to deploy the ForceCopy info-stealer malware. The cyberespionage group targets organizations globally, using custom RDP Wrappers and malicious shortcut files to control infected systems.

Hot Take:
North Korea’s Kimsuky APT Group is back at it again, proving that if cyber-espionage were an Olympic sport, they’d definitely be going for the gold. This time, they’re armed with fake Office documents and enough malware to make even the most secure IT administrator break a sweat. It’s like a cybersecurity horror movie, and North Korea is the director, producer, and star.
Key Points:
- Kimsuky APT group is using spear-phishing tactics to deliver ForceCopy info-stealer malware.
- Malicious *.LNK shortcut files, disguised as Office documents, are used to execute malware.
- Custom RDP Wrapper is employed to enable remote desktop access and avoid detection.
- ForceCopy malware is used for capturing keystrokes and extracting files from browsers.
- ASEC researchers observed changes in Kimsuky’s attack methods, focusing on remote control tools.