Kimsuky Hackers from North Korea Use New Tactics and Malicious Scripts in Latest Campaigns
The North Korean state-sponsored APT group Kimsuky has significantly advanced its cyber espionage techniques, targeting various countries with a focus on South Korea and the United States. Its evolving tactics include sophisticated social engineering methods like 'ClickFix' and 'ClickRegister', as well as the use of custom malware and open-source tools for initial access, persistence, and data exfiltration. Kimsuky's campaigns, such as DEEP#GOSU and DEEP#DRIVE, have employed multi-stage attacks using PowerShell scripts, VBScript, and remote access trojans to bypass security measures and maintain long-term access to compromised systems. The group has shown particular interest in targeting defense contractors, government agencies, and organizations involved in international affairs, demonstrating its focus on espionage over financial gain. To counter these threats, cybersecurity experts recommend implementing robust email security, network segmentation, continuous monitoring, and advanced endpoint protection solutions with behavioral analysis capabilities.