Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems.
These files often contain malicious code that can be executed when the user clicks on the shortcut.
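To show what a defender can check in such a shortcut, here is an added example that is not part of the original article: it parses the public MS-SHLLINK layout (ShellLinkHeader, optional LinkTargetIDList and LinkInfo, then StringData) and flags a shortcut whose target is a shell or script host and that carries command-line arguments, the pattern behind "weaponized" LNK files. The sample shortcut is constructed inline as a test fixture and the interpreter list is an assumption, not something taken from the article.

```python
import struct

# Little-endian encoding of the shell link CLSID 00021401-0000-0000-C000-000000000046
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# Assumed watch-list of hosts whose presence in a shortcut target is worth flagging
INTERPRETERS = ("cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; raise on malformed input."""
    if len(data) < 76 or data[:4] != b"L\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]   # LinkFlags at offset 20
    pos = 76                                        # fixed 76-byte header
    if flags & HAS_IDLIST:        # LinkTargetIDList: 2-byte size then the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:      # LinkInfo: its size field counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                       (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                       (HAS_ICON, "icon")):
        if flags & flag:          # StringData: 2-byte char count, no terminator
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2: pos + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return fields

def is_suspicious(fields: dict) -> bool:
    """True when the shortcut launches a shell/script host with arguments."""
    target = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    return bool(fields.get("arguments")) and any(exe in target for exe in INTERPRETERS)

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed fixture: minimal Unicode shell link with RELATIVE_PATH and ARGUMENTS."""
    flags = HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = b"L\x00\x00\x00" + LNK_CLSID + struct.pack("<I", flags) + bytes(76 - 24)
    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + s(relative_path) + s(arguments)

if __name__ == "__main__":
    sample = build_sample_lnk(r"..\..\Windows\System32\cmd.exe", "/c echo constructed sample")
    print(parse_lnk(sample), is_suspicious(parse_lnk(sample)))
```

Real shortcuts usually also carry an IDList and LinkInfo block; the parser skips both by their size fields, so it works on those too.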
These weaponized files allow threat actors to perform several types of malicious activities, such as:
Recently, cybersecurity researchers at ASEC identified that the Kimsuky group has been actively using the weaponized LNK file to deploy AppleSeed malware.
Kimsuky, backed by North Korea, has been active since 2013.
Initially, this group hit South Korean research institutes and later targeted a South Korean energy corporation in 2014.
This sophisticated group expanded its targeting globally in 2017, and it specializes in spear phishing against:
The primary goal of this group is to steal internal info and technologies.
The operators of this group prefer LNK malware but also use:
The group has persistently used AppleSeed, with recent variants such as AlphaSeed, and has also consistently used Infostealer and RDP Patch malware since 2022.
It has also notably switched from RDP to Chrome Remote Desktop for remote control, with minimal change to its methods.
AppleSeed is controlled by threat actors and often distributed through a JavaScript dropper.
AlphaSeed, a Golang malware similar to AppleSeed, uses ChromeDP for C&C communication and different login methods.
Kimsuky group combines AppleSeed and AlphaSeed, sometimes installing them together.
Metasploit is a penetration testing framework that includes Meterpreter, a backdoor that Kimsuky also uses.
The Kimsuky threat group constantly targets South Korea with spear phishing, sending malware as email attachments; when a recipient runs these files, the attackers gain control of the targeted system.
Cybersecurity researchers urged users to follow these recommendations:
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 28 Dec 2023 15:26:53 +0000