Kimsuky Threat Group Exploiting Chrome Remote Desktop
AhnLab Security Emergency response Center (ASEC) has recently discovered the Kimsuky threat group exploiting Chrome Remote Desktop. The Kimsuky threat group uses not only their privately developed AppleSeed malware, but also remote control malware such as Meterpreter to gain control over infected systems. [1] Logs of the group using customized VNC or exploiting remote control tools such as RDP Wrapper also continue to be detected. [2] This post will summarize recently identified cases of Chrome Remote Desktop exploitation.
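A defender-side triage check, added here as an example and not taken from the ASEC post: it scans web proxy log lines for the Chrome Remote Desktop host installer download and the OAuth enrollment redirect (both URLs appear in the post's IoC list) and reports hosts that are not on an assumed allowlist. The log line format, the allowlist and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict

# Two URLs listed as IoCs in the ASEC post: the legitimate Chrome Remote
# Desktop host installer and the OAuth redirect hit when a host is enrolled.
# Neither is malicious on its own; the signal is an unsanctioned machine
# fetching the installer and then completing enrollment.
CRD_INSTALLER = "dl.google.com/dl/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi"
CRD_OAUTH = "remotedesktop.google.com/_/oauthredirect"

# Hypothetical allowlist of hosts where CRD use is approved.
APPROVED_HOSTS = {"it-helpdesk-01"}

# Assumed minimal proxy log format: "<time> <host> <method> <url>".
LOG_RE = re.compile(r"^(?P<time>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def find_unsanctioned_crd(lines):
    """Return {host: [indicators]} for non-approved hosts that downloaded the
    CRD host installer or reached the OAuth enrollment redirect."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        host, url = m["host"], m["url"]
        if CRD_INSTALLER in url:
            seen[host].append("installer_download")
        elif CRD_OAUTH in url:
            seen[host].append("oauth_enrollment")
    return {h: hits for h, hits in seen.items() if h not in APPROVED_HOSTS}


# Constructed sample log lines (not from the ASEC post).
SAMPLE_LOG = [
    "2023-07-10T09:12:01 finance-pc-07 GET https://dl.google.com/dl/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi",
    "2023-07-10T09:13:44 finance-pc-07 GET https://remotedesktop.google.com/_/oauthredirect?code=REDACTED",
    "2023-07-10T09:20:10 it-helpdesk-01 GET https://dl.google.com/dl/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi",
    "2023-07-10T09:21:00 hr-laptop-02 GET https://www.example.com/index.html",
    "garbage line without structure",
]

if __name__ == "__main__":
    for host, hits in find_unsanctioned_crd(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(hits)}")
```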
The Kimsuky APT group is a threat group deemed to be supported by North Korea and has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a Korean energy corporation in 2014. Since 2017, their attacks have been targeting countries other than South Korea as well. [3]
- Attack Flow
Recently, the Kimsuky group has been mainly using HWP and MS Office document files or CHM files …
IoC