BleepingComputer reports that Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) has noted that the North Korean state-sponsored hacking operation Kimsuky targeted organizations across the country in March.
The Kimsuky attacks began with phishing emails that spoofed Japanese security and diplomatic organizations and carried a malicious ZIP file, which when opened triggers malware compromise and system information exfiltration, according to a report from JPCERT/CC. On impacted devices confirmed to be legitimate user machines, a VBS file would then be executed to facilitate the deployment of a keystroke and clipboard information logger, said JPCERT/CC. The findings follow a report from the AhnLab Security Intelligence Center detailing a Kimsuky attack in which a Compiled HTML Help (CHM) file was executed to deliver malware with more advanced obfuscation methods. Organizations have been urged to be more vigilant about CHM files that may be leveraged in malware attacks.