July 10, 2024 at 01:14PM
Japanese organizations are being targeted by the North Korean ‘Kimsuky’ threat actors, who use social engineering and phishing to gain network access. They deploy custom malware to steal data and retain persistence. The latest attacks involved distributing a CHM malware strain and utilizing sophisticated obfuscation to evade detection. Vigilance against malicious CHM files is emphasized.
Japanese organizations are currently facing targeted attacks by the North Korean ‘Kimsuky’ threat actors. These attacks involve social engineering and phishing to gain initial network access, followed by the deployment of custom malware to steal data and maintain persistence on the networks.
The attacks by Kimsuky in Japan were confirmed by JPCERT/CC. The threat actors begin their attacks by sending phishing emails with malicious attachments that lead to malware infection. The attackers then use various techniques, such as VBS files and PowerShell scripts, to collect information and execute additional malicious scripts that exfiltrate user information and perform keylogging.
Moreover, ASEC discovered that Kimsuky was distributing a CHM malware strain in Korea, which involves executing a CHM file that runs a malicious script in the background and employs sophisticated obfuscation techniques to evade detection.
In response to the detected Kimsuky activity, it has been emphasized that organizations need to remain vigilant against CHM files containing executable scripts designed to deliver malware. This underlines the urgency for Japanese organizations to enhance their cybersecurity measures and be wary of potential phishing attempts and malicious file formats.
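One way to act on this at the mail gateway, as an added example that is not from JPCERT/CC, ASEC or the original article: a Python triage that flags attachments of the file types named above and identifies CHM files by their `ITSF` header signature rather than by file name, including one level inside ZIP archives. The function names, the size cap and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"                      # signature at offset 0 of a compiled HTML Help file
FLAGGED_EXTS = (".chm", ".vbs", ".ps1")  # file types named in the report
MAX_MEMBER = 10 * 1024 * 1024            # assumed cap on archive members we unpack

def classify(name, data, depth=0):
    """Return (name, reason) findings for one attachment or archive member."""
    lower = (name or "").lower()
    findings = []
    if data[:4] == CHM_MAGIC:
        # Check content first so a renamed CHM is still caught.
        reason = "CHM content" if lower.endswith(".chm") else "CHM content, misleading extension"
        findings.append((name, reason))
    elif lower.endswith(FLAGGED_EXTS):
        findings.append((name, "flagged extension"))
    if depth < 1 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    findings.append((member, "not inspected (encrypted or oversized)"))
                elif not info.is_dir():
                    findings += classify(member, zf.read(info), depth + 1)
    return findings

def triage(raw_message):
    """Parse a raw e-mail message and classify every attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings += classify(part.get_filename(), part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed test message; the 'CHM' is a header stub, not a working help file."""
    stub = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 24
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("notes.chm", stub)
        zf.writestr("readme.txt", "hello")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename="invoice.pdf")
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment("plain text", filename="agenda.txt")
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports the CHM stub renamed to `invoice.pdf` and the one inside `docs.zip`, and leaves `agenda.txt` alone.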
Lastly, it is crucial for organizations to stay informed about the latest threat activities and security best practices to defend against sophisticated and evolving cyber threats.