Kimsuky Malware Attack

Description

What is the Kimsuky Malware Attack? Kimsuky, officially known as the Kim Suky Group, is a cyber-espionage group linked to North Korea. The group has been active since at least 2012 and is primarily focused on gathering intelligence from South Korean government entities. According to a recent observation by Rapid7, the group launched an attack leveraging weaponized Microsoft Office documents, ISO files, Windows shortcut (LNK) files, and Compiled HTML Help (CHM) files.
What is the recommended Mitigation? Maintain general awareness and training about the risk of phishing and social engineering attacks in the organization, and ensure that all systems and software are kept up to date with the latest patches.
What FortiGuard Coverage is available? FortiGuard Labs has existing AV signatures to block all the known malware variants used by the Kimsuky group and has blocked related IoCs via the Web Filtering service. FortiGuard's AI-based behavior detection engine can detect and block unknown variants of the malware and other sophisticated threats.

Telemetry

Appendix

Mitre (Attribution)

Rapid7 (Analysis)