October 18, 2023 at 12:15PM
North Korea’s Kimsuky cyber threat group has been observed using Remote Desktop Protocol (RDP) and other tools to take remote control of targeted systems. The group has also been leveraging open-source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial access method and has added new post-compromise malware to its arsenal. Organizations are advised to take measures such as refraining from opening attachments in suspicious emails and using complex passwords to protect against these evolving threats.
Summary:
The meeting notes reveal that North Korea’s Kimsuky advanced persistent threat (APT) has been evolving its attack methods and increasing its sophistication. It has been using legitimate remote-desktop tools and custom malware to control victims’ systems. The group has been abusing Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems, and has also used open-source software such as TightVNC and Chrome Remote Desktop for remote control. Kimsuky continues to use spear phishing as its initial access method, deploying both custom and open-source malware. Its ultimate goal is to steal internal information and technology from the targeted sectors. The group has recently developed the ability to run multiple concurrent RDP sessions on a Windows system, bypassing the single-session limit. To protect against these evolving threats, organizations should implement adequate management and security measures, such as refraining from opening suspicious attachments, setting complex passwords, updating to the latest Windows OS, and using endpoint security products and sandbox-based APT solutions.