Kimsuky Hacking Group Uses forceCopy Malware for Credential Theft
North Korean hacking group Kimsuky is using spear-phishing to deploy malware. The AhnLab Security Intelligence Center (ASEC) has reported that Kimsuky, a state-sponsored group linked to North Korea, is sending spear-phishing emails that carry disguised Windows shortcut files to deliver a new information-stealing malware called forceCopy. The shortcuts masquerade as Microsoft Office or PDF documents and, when opened, run PowerShell commands that download additional payloads, including the PEBBLEDASH trojan and a modified Remote Desktop utility, RDP Wrapper. Kimsuky has also been observed using a PowerShell-based keylogger and proxy malware to keep persistent access to infected systems, which points to a shift in the group's attack methods. The group, active since at least 2012, is associated with North Korea's Reconnaissance General Bureau.
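The delivery step described above, a shortcut file dressed up as a document that launches PowerShell, can be triaged without opening it. The following is an added example (not ASEC's or the article's own code) that parses the StringData of a .lnk file per the MS-SHLLINK layout and flags the combination of a document extension before `.lnk`, a PowerShell target, and a download cradle in the arguments. The sample shortcut is constructed in the script, the cradle and extension patterns are the author's assumptions, and non-Unicode shortcuts are assumed to use the cp1252 ANSI code page.

```python
import re
import struct

# ShellLinkHeader constants from MS-SHLLINK; LinkFlags sit at offset 20, little-endian.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections appear in this order, each present only if its LinkFlags bit is set.
STRING_FIELDS = (("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                 ("arguments", 0x20), ("icon_location", 0x40))
DOC_BEFORE_LNK = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)\.lnk$", re.I)
CRADLE = re.compile(r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|\biex\b", re.I)

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shortcut (what it runs and with which arguments)."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags, pos = struct.unpack_from("<I", data, 20)[0], 76
    if flags & HAS_ID_LIST:        # skip LinkTargetIDList: 2-byte size, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:      # skip LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        nchars = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        enc, size = ("utf-16-le", 2 * nchars) if flags & IS_UNICODE else ("cp1252", nchars)
        fields[name] = data[pos + 2:pos + 2 + size].decode(enc)  # assumption: ANSI == cp1252
        pos += 2 + size
    return fields

def assess_lnk(filename: str, data: bytes) -> list:
    """Return the reasons a shortcut looks like a disguised PowerShell downloader."""
    f = parse_lnk(data)
    cmd = (f.get("relative_path", "") + " " + f.get("arguments", "")).lower()
    reasons = []
    if DOC_BEFORE_LNK.search(filename):
        reasons.append("document extension hidden before .lnk")
    if "powershell" in cmd or "pwsh" in cmd:
        reasons.append("target launches PowerShell")
    if CRADLE.search(cmd):
        reasons.append("download-and-execute cradle in arguments")
    return reasons

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed minimal shortcut (header + RelativePath + Arguments) for offline testing."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x08 | 0x20 | IS_UNICODE).ljust(76, b"\x00")
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body
```

On a mail gateway or quarantine share, run `assess_lnk` over each attachment's name and bytes; a non-empty reason list is a strong signal for this delivery pattern, and `parse_lnk` gives the analyst the full command line without executing the shortcut.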
