The North Korea-linked Kimsuky hacking group has launched a new social engineering campaign targeting activists in the North Korean human rights and anti-North Korea sectors, The Hacker News reports.
According to a report by South Korean cybersecurity firm Genians, the attack diverges from typical email-based phishing tactics, instead using fake Facebook accounts to approach targets via Messenger.
Posing as a public official in the North Korean human rights field, the attackers trick victims into opening malicious documents hosted on OneDrive. These decoy documents are designed to appear as legitimate essays or content related to significant political events. The files are in the Microsoft Common Console format and further disguised with a Word icon. Upon opening, they initiate a command sequence that connects to a server controlled by the attackers, executing further commands to establish persistence and gather information from the victim’s system. The gathered data is then exfiltrated to the command-and-control server.
The campaign's tactics align with previous Kimsuky activities, such as those involving the ReconShark malware.
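A defender-side triage sketch for the lure described above, added here as an example and not taken from the Genians report: it classifies a downloaded file by its content rather than its icon or name, and lists any command-line tasks a console file would run. The element and attribute names (`MMC_ConsoleFile`, `VisualAttributes/Icon`, `Task`, `CommandLine`, `Params`) are assumptions based on the commonly seen layout of .msc files, and both sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal console file with one command-line task.
# Element/attribute names are assumed from the usual .msc XML layout.
SAMPLE_MSC = b"""<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0">
  <VisualAttributes>
    <Icon Index="0" File="winword.exe"/>
  </VisualAttributes>
  <ConsoleTaskpads>
    <ConsoleTaskpad>
      <Tasks>
        <Task Type="CommandLine" Command="cmd.exe">
          <CommandLine Directory="" WindowState="Minimized"
                       Params="/c echo constructed-example"/>
        </Task>
      </Tasks>
    </ConsoleTaskpad>
  </ConsoleTaskpads>
</MMC_ConsoleFile>"""

# Constructed sample: genuine .docx files are ZIP archives and start with "PK".
SAMPLE_DOCX_HEADER = b"PK\x03\x04" + b"\x00" * 26


def triage(name: str, data: bytes) -> dict:
    """Classify a file by content, ignoring its extension and displayed icon."""
    result = {"name": name, "is_msc": False, "icon_source": None, "commands": []}
    try:
        # For untrusted files in production, a hardened parser such as
        # defusedxml is the safer choice; stdlib is used to stay self-contained.
        root = ET.fromstring(data)
    except ET.ParseError:
        return result  # not XML, so not a console file
    if root.tag != "MMC_ConsoleFile":
        return result
    result["is_msc"] = True
    icon = root.find("./VisualAttributes/Icon")
    if icon is not None:
        result["icon_source"] = icon.get("File")  # where the shown icon comes from
    for task in root.iter("Task"):
        if task.get("Type") == "CommandLine":
            cl = task.find("CommandLine")
            params = cl.get("Params", "") if cl is not None else ""
            result["commands"].append((task.get("Command", ""), params))
    return result
```

A file that reports `is_msc` with a non-empty `commands` list and an icon borrowed from an office application matches the disguise pattern the report describes and warrants quarantine and review.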