Decrypt LOL

Kimsuky Hackers Utilize Custom RDP Wrapper for Access

🕵️‍♂️ Kimsuky hackers adopt stealthy tactics with custom RDP Wrapper for remote access. The North Korean hacking group Kimsuky has shifted its approach by utilizing a custom-built RDP Wrapper and proxy tools to infiltrate systems, as reported by AhnLab Security Intelligence Center (ASEC). This new strategy involves spear-phishing emails with malicious shortcut files disguised as documents, which, when opened, deploy various payloads including the notorious PebbleDash backdoor. The modified RDP Wrapper allows for persistent access while evading antivirus detection, enabling the hackers to maintain a low profile. Kimsuky continues to evolve as a significant cyber-espionage threat, focusing on intelligence collection through increasingly sophisticated methods.
