Kimsuky’s Phishy Business: North Korean Hackers Hooking Victims with Sneaky Malware

Kimsuky, the notorious North Korea-linked hacking group, is at it again, this time with a new malware named forceCopy. This sneaky stealer targets files in web browser directories, using phishing emails with disguised attachments to launch its attacks. Who knew phishing could be this crafty?

3P
Published: February 6, 2025 12:33 pmAdded: February 6, 2025 at 4:52 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It seems North Korea’s Kimsuky is back at it again, proving that their spear-phishing game is as sharp as ever. If only they could use their talents for good, like crafting the world’s most secure email filter instead of trying to sneak into our inboxes and steal our secrets. But alas, they’re more interested in playing catfish with our credentials.

Key Points:

  • Kimsuky, a North Korea-linked hacking group, is using spear-phishing to deploy the forceCopy malware.
  • The attacks start with emails containing a disguised Windows shortcut file.
  • The payloads include PEBBLEDASH trojan and a modified RDP Wrapper tool.
  • New tactics involve using a PowerShell-based keylogger and forceCopy to steal browser data.
  • Kimsuky has a history of targeting with sophisticated social engineering attacks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?