Tag: kimsuky
All the articles with the tag "kimsuky".
- Kimsuky Deploys Malicious LNK Files to Implant Python-Based Backdoor in Multi-Stage Attack
  Detailed technical analysis of Kimsuky's latest campaign using disguised LNK files that deploy a sophisticated multi-stage attack chain (LNK → XML → VBS → PS1 → BAT) leading to a Python backdoor (beauty.py). Covers persistence via scheduled tasks, data exfiltration through Dropbox, custom C2 protocol, and command set.
- North Korea-Linked Hackers Use GitHub as C2 Infrastructure to Attack South Korea
  FortiGuard Labs has uncovered a new campaign by the North Korea-linked Kimsuky group using GitHub as Command-and-Control infrastructure. The multi-stage attack begins with phishing LNK files, employs heavy anti-VM and anti-analysis techniques, establishes persistence via scheduled tasks, and exfiltrates data to attacker-controlled GitHub repositories.