07 December 2023

Kimsuky’s Attack Attempts Disguised as Press Releases of Various Topics

The ASEC analysis team has discovered malware being distributed under the guise of press releases. When run, the malware loads a normal document file and attempts to access malicious URLs. If the access succeeds, the script hosted on the webpage is run. The script appears to be of a similar type to the VBS code found in the ASEC blog post. The list of files discovered so far is as follows:

• North Korea’s Admission of Covid-19 Outbreak and Future Prospects of the Korean Peninsula .docx.exe

• Press Release (For teenagers in the province: operating hands-on drone education).hwp .exe

• Press Release (17th Adoption Day Celebration held after 3 years).hwp .exe

• Press Release (** Institute of Design Promotion pushes for a support project to relieve design issues for small companies).hwp .exe

• Press Release (** Province hosts a social network event for the Family Month).hwp .exe
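
A defender-side check for the naming pattern shared by the files listed above (a document extension, optional padding, then .exe), as an added example that is not code from the ASEC report. The extension sets and the function names are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed extension sets for this example; they are not taken from the ASEC report.
DECOY_EXTS = {"doc", "docx", "hwp", "hwpx", "pdf", "xls", "xlsx", "ppt", "pptx", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "lnk"}

# <name>.<decoy ext><optional padding>.<real ext>, anchored at the end of the name.
# Padding (spaces, underscores) pushes the real extension out of view in file listings.
_PATTERN = re.compile(r"\.([a-z0-9]{2,5})([\s_]*)\.([a-z0-9]{2,4})$")


def check_filename(name):
    """Return (decoy_ext, padding_len, real_ext) for a masquerading name, else None."""
    # NFKC folds full-width dots/letters and exotic spaces to their plain forms.
    # Trailing dots and spaces are stripped because Windows ignores them in names.
    norm = unicodedata.normalize("NFKC", name).lower().rstrip(". ")
    m = _PATTERN.search(norm)
    if not m:
        return None
    decoy, pad, real = m.groups()
    if decoy in DECOY_EXTS and real in EXEC_EXTS:
        return decoy, len(pad), real
    return None


def flag_masquerading(names):
    """Return the subset of names (e.g. mail attachments, download logs) that match."""
    return [n for n in names if check_filename(n) is not None]


# Sample input: two names from the list above plus constructed benign names.
SAMPLE_NAMES = [
    "Press Release (17th Adoption Day Celebration held after 3 years).hwp .exe",
    "North Korea's Admission of Covid-19 Outbreak and Future Prospects "
    "of the Korean Peninsula .docx.exe",
    "Press Release (meeting notes).hwp",   # constructed: genuine document name
    "backup.tar.gz",                       # constructed: benign double extension
    "setup.exe",                           # constructed: honest executable name
]

if __name__ == "__main__":
    for hit in flag_masquerading(SAMPLE_NAMES):
        print(check_filename(hit), hit)
```
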

 
