Kimsuky Deploys Malicious LNK Files to Implant Python-Based Backdoor in Multi-Stage Attack
Contents
Notable Changes Observed in Malicious LNK Files Distributed by Kimsuky Group
Article Summary: The North Korea-linked Kimsuky group recently used malicious LNK files disguised as HWP documents to launch multi-stage attacks. They extended the attack chain by adding intermediate stages such as XML, VBS, and PS1 files to evade detection. The attack creates hidden folders, registers scheduled tasks for persistence, and finally deploys a Python backdoor that supports remote command execution, file theft, and other capabilities. Data is exfiltrated through Dropbox so that it blends in with normal traffic.
Categories: Malware, Threat Intelligence, Incident Response, Vulnerability Analysis, Red Team
Recently, a clear evolution has been detected in the malicious LNK files being distributed by the Kimsuky group. While the overall flow leading to the execution of …
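The summary above describes shortcut files named to look like HWP documents whose real job is to launch a script host that runs an XML, VBS or PS1 intermediate stage. The following Python example, added here and not part of the original article, shows a defender-side triage heuristic over LNK metadata (file name, target, arguments) that flags exactly that combination. The sample records, the list of script hosts and the reason strings are constructed assumptions for illustration; they are not indicators from the campaign itself.

```python
"""
Heuristic triage of LNK shortcut metadata for the masquerade pattern described
in the article summary: a shortcut named like a document (for example
"report.hwp.lnk") whose target is a script host and whose arguments reference
an XML/VBS/PS1 stage file. All sample data below is constructed for this
example.
"""
from dataclasses import dataclass
import re

# Script hosts commonly used to run intermediate-stage files. Assumption: this
# list is illustrative, not the exact tooling of any specific campaign.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "cmd.exe", "schtasks.exe",
}

# Document extensions an attacker may place in front of ".lnk" so that a
# shortcut reads as a document when Explorer hides the real extension.
DOC_EXTS = (".hwp", ".docx", ".pdf", ".xlsx")

# Intermediate-stage file types named in the summary (XML, VBS, PS1).
STAGE_EXT_RE = re.compile(r"\.(xml|vbs|ps1)\b", re.IGNORECASE)

REASON_MASQUERADE = "document-extension masquerade"
REASON_SCRIPT_HOST = "script host target"
REASON_STAGE_FILE = "xml/vbs/ps1 stage in arguments"


@dataclass
class LnkRecord:
    filename: str   # name as seen on disk, e.g. "report.hwp.lnk"
    target: str     # path the shortcut launches
    arguments: str  # command-line arguments stored in the shortcut


def masquerades_as_document(filename: str) -> bool:
    """True when the name ends in a document extension followed by .lnk."""
    lower = filename.lower()
    if not lower.endswith(".lnk"):
        return False
    stem = lower[:-len(".lnk")]
    return stem.endswith(DOC_EXTS)


def launches_script_host(target: str) -> bool:
    """True when the shortcut target's basename is a known script host."""
    basename = target.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return basename in SCRIPT_HOSTS


def references_stage_file(arguments: str) -> bool:
    """True when the arguments mention an .xml, .vbs or .ps1 file."""
    return STAGE_EXT_RE.search(arguments) is not None


def triage(record: LnkRecord) -> list[str]:
    """Return the list of heuristic reasons this shortcut looks suspicious."""
    reasons = []
    if masquerades_as_document(record.filename):
        reasons.append(REASON_MASQUERADE)
    if launches_script_host(record.target):
        reasons.append(REASON_SCRIPT_HOST)
    if references_stage_file(record.arguments):
        reasons.append(REASON_STAGE_FILE)
    return reasons


def triage_all(records: list[LnkRecord]) -> dict[str, list[str]]:
    """Map each flagged filename to its reasons; clean records are omitted."""
    return {r.filename: triage(r) for r in records if triage(r)}


# Constructed sample records (not real campaign artifacts).
SAMPLES = [
    LnkRecord(
        filename="meeting_notes.hwp.lnk",
        target=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        arguments=r"-w hidden -ep bypass -File C:\Users\Public\stage.ps1",
    ),
    LnkRecord(
        filename="Editor.lnk",
        target=r"C:\Program Files\Notepad++\notepad++.exe",
        arguments="",
    ),
    LnkRecord(
        filename="invoice.pdf.lnk",
        target=r"C:\Windows\System32\wscript.exe",
        arguments=r"//B C:\Users\Public\run.vbs",
    ),
]

if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        print(f"{name}: {', '.join(reasons)}")
```

In practice the three fields would come from an LNK parser or from endpoint telemetry rather than from the constructed records above; the heuristic is deliberately conservative, so a hit on all three reasons is a strong triage signal while a single reason (for example a legitimate PowerShell shortcut) is only a prompt to look closer.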