Kimsuky’s Attack Attempts Disguised as Press Releases of Various Topics
The ASEC analysis team has discovered that a malware strain disguised as press releases is being distributed. When this malware is run, it loads a normal document file and attempts to access malicious URLs. If the access is successful, the script existing on the webpage is run. It appears the script is of a similar type to the VBS code found in the ASEC blog post . The list of files discovered so far is as follows:
• North Korea’s Admission of Covid-19 Outbreak and Future Prospects of the Korean Peninsula .docx.exe
• Press Release (For teenagers in the province: operating hands-on drone education).hwp .exe
• Press Release (17th Adoption Day Celebration held after 3 years).hwp .exe
• Press Release (** Institute of Design Promotion pushes for a support project to relieve design issues for small companies).hwp .exe
• Press Release (** Province hosts a social network event for the Family Month).hwp .exe
Read more about it: here