Kimsuky Hackers Deploy Weaponized LNK File in Latest Espionage Campaign

Kimsuky, the North Korean state-backed espionage group also tracked as Velvet Chollima and Black Banshee, has been observed using a weaponized Windows shortcut (LNK) file to gain initial access in its latest cyber espionage campaign. A shortcut carries a target path, a command line and an icon of the attacker's choosing; when the victim double-clicks it, Windows runs that command with the victim's privileges, so no document exploit or macro is needed. Two features of the format make it a convincing lure: Explorer never displays the .lnk extension, even when other extensions are shown, so a file named notes.pdf.lnk is listed as notes.pdf; and the declared icon can be borrowed from a document viewer. In the LNK campaigns attributed to Kimsuky and to other groups, the target is typically a script host such as powershell.exe or mshta.exe with obfuscated arguments that open a decoy document for the victim to read while the real payload is fetched and run.

Because the shortcut does only what shortcuts are designed to do, this is abuse of a feature rather than a vulnerability, and there is no patch to apply; filtering that looks for macros or known exploits will miss it, which is why detection is harder than for a conventional malicious attachment. The countermeasures the article recommends (stronger endpoint security, strict email filtering and user awareness) translate into specific controls: quarantine .lnk attachments at the mail gateway, including inside archives such as ZIP; alert when explorer.exe spawns a script host with an encoded or hidden-window command line; and inspect the Target and arguments of any shortcut that arrived by email, remembering that a long command line padded with whitespace can push the real arguments out of view in the Properties dialog. Outbound connections from script hosts to unfamiliar servers, including public cloud storage, are the other signal worth monitoring.

Kimsuky continues to target government and private-sector organizations, and this campaign is another instance of a state-sponsored actor refining a proven initial-access technique rather than inventing a new one. Sharing indicators and detection logic between cybersecurity teams and intelligence agencies remains the most effective way to blunt such attacks against high-value and critical-infrastructure targets.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 10 Sep 2025 13:25:12 +0000


Cyber News related to Kimsuky Hackers Deploy Weaponized LNK File in Latest Espionage Campaign

Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com Kimsuky
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky
North Korea-Linked Group Levels Multistage Cyberattack on South Korea - North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. NET applications - ...
1 year ago Darkreading.com Kimsuky
How Attackers Are Using .LNK Files As a Delivery Mechanism For Malware - Recent research indicates that attackers have moved away from the traditional malicious Office attachment macro in favor of .LNK files. These files, once opened, run malicious scripts intended to deliver malicious payloads onto the host machine, ...
2 years ago Csoonline.com
Exposed Kim Dump Exposes Kimsuky Hackers - The recent leak known as the "Exposed Kim Dump" has unveiled critical insights into the operations of the Kimsuky hacker group, a notorious North Korean cyber espionage entity. This dump includes a wealth of data that sheds light on Kimsuky's ...
2 months ago Cybersecuritynews.com Kimsuky
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
9 months ago Darkreading.com Andariel Kimsuky
Weaponization of LNK Files Surge by 50% and Primarily Used in Four Different Malware Categories - These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being weaponized by threat actors to execute malicious payloads while maintaining a facade of legitimacy. Their research revealed that threat actors ...
4 months ago Cybersecuritynews.com
Hackers Weaponize PDF Along with a Malicious LNK File - Cybersecurity researchers have uncovered a new attack technique where hackers weaponize PDF files in conjunction with malicious LNK files to compromise systems. This sophisticated method leverages the trust users place in PDF documents, embedding ...
2 months ago Cybersecuritynews.com
North Korean Hackers Weaponizing ZIP Files To Execute Malicious PowerShell Scripts - The LNK file contains embedded code that executes PowerShell commands to extract multiple components: a decoy HWPX document (a Korean document format), executable data files, and a batch script. While the security analyst, Mohamed Ezat from ZW01f ...
8 months ago Cybersecuritynews.com APT3 APT37
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code - Security researcher Nafiez has publicly disclosed a previously unknown vulnerability affecting Windows LNK files (shortcuts) that can potentially allow attackers to execute code remotely without user interaction. As security researchers from Intezer ...
6 months ago Cybersecuritynews.com
Threat Actors Weaponize LNK Files With New REMCOS Variant That Bypasses AV Engines - Cybercriminals are increasingly leveraging malicious Windows Shortcut (LNK) files to deploy sophisticated backdoors, with a new campaign delivering an advanced REMCOS variant that successfully evades traditional antivirus detection mechanisms. This ...
3 months ago Cybersecuritynews.com
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - Dubbed ‘DEEP#DRIVE’ by researchers at Securonix, the operation leverages phishing lures, obfuscated PowerShell scripts, and Dropbox’s infrastructure to bypass security defenses and exfiltrate sensitive data. A coordinated cyber ...
9 months ago Cybersecuritynews.com Kimsuky
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
1 year ago Darkreading.com Kimsuky
Kimsuky APT Targets South Korean Androids, Abuses KakaoTalk for Espionage - The Kimsuky advanced persistent threat (APT) group has been actively targeting South Korean Android users by exploiting the popular messaging app KakaoTalk to conduct espionage activities. This campaign highlights the evolving tactics of Kimsuky, ...
2 weeks ago Darkreading.com Kimsuky
DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools - The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft HTML Application host utility. A sophisticated new ...
4 months ago Cybersecuritynews.com
Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows - Cisco Talos researchers identified this campaign has been active since at least November 2024, with evidence suggesting Gamaredon is specifically targeting Ukrainian government organizations, critical infrastructure, and entities affiliated with ...
7 months ago Cybersecuritynews.com
CVE-2022-30426 - There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow ...
3 years ago
New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload - Cyber Security News - This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass traditional detection mechanisms, demonstrating a concerning evolution in attack methodologies. eSentire’s Threat Response Unit (TRU) first ...
7 months ago Cybersecuritynews.com
Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago Kimsuky
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - Cyber Security News - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
4 months ago Cybersecuritynews.com Kimsuky