North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
Briefly

The North Korean threat actor Kimsuky has developed a new tactic that involves tricking targets into running malicious PowerShell commands. By impersonating South Korean government officials, Kimsuky builds a rapport before sending spear-phishing emails containing fake PDF documents. Victims are guided to launch PowerShell as an administrator and execute malicious code, which subsequently installs a remote desktop tool that provides the attacker access for data exfiltration. This approach marks a departure from Kimsuky's traditional tactics, reflecting a broader trend among North Korean cybercriminals to exploit users’ mistrust and technical vulnerabilities.
Kimsuky is employing a new tactic that deceives victims into executing malicious PowerShell commands by impersonating South Korean officials through spear-phishing strategies.
This approach allows the threat actor to gain remote access to victim devices for data exfiltration, deviating from their previously established methods.
Read at The Hacker News