Kimsuky Threat Group Uses RDP to Control Infected Systems
Kimsuky, a threat group known to be supported by North Korea, has been active since 2013. It first attacked North Korea-related research institutes in South Korea, then a South Korean energy agency in 2014, and since 2017 it has also targeted organizations in other countries. [1] The group usually launches spear-phishing attacks against the national defense, diplomatic, and academic sectors, the defense and media industries, as well as national organizations. Its goal is to exfiltrate internal information and technology from the targets. [2]
After gaining initial access, the Kimsuky group usually installs backdoors to control the infected systems, or infostealers to exfiltrate sensitive information from them. The group uses both open-source malware such as xRAT (Quasar RAT) and malware it developed itself, but it also uses legitimate tools, such as RDP, to control the infected systems.
It is a characteristic of the Kimsuky group to use these malware …
IoC
02804d632675b2a3711e19ef217a2877
0d6717c3fa713c5f5f5cb0539b94b84f
0d691673af913dc0942e55548f6e2e4e
116a71365b83cc38211ccfc8059b363e
2dbe8e89310b42e295bfdf3aad955ba9
5.61.59.53
7313dc4d9d6228e442fc6ef9ba5a1b9a
ad9a3e893abdac7549a7d66ca32142e8
be2f73a637258aa872bdf548daf55336
c8d589ac5c872b12e502ec1fc2fee0c7
http://5.61.59.53:2086
https://onessearth.online/up/upload_dotm.php
https://powsecme.co/up/upload_dotm.php
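As an added example (not code from the original report or from AhnLab), the script below turns the IoC list above into a small matcher and runs it over a few constructed log lines in a loose key=value style. The indicators are copied from the list; everything else (the log format, host names like WS-0413, timestamps, internal addresses) is made up for illustration. URLs also contribute their host name (or IP address) to the index, so a proxy log entry for the same C2 host with a different path, or a firewall entry for the C2 IP on port 2086, still produces a hit.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the IoC list in this report: MD5 hashes, one C2 IP, three URLs.
IOC_LIST = """
02804d632675b2a3711e19ef217a2877
0d6717c3fa713c5f5f5cb0539b94b84f
0d691673af913dc0942e55548f6e2e4e
116a71365b83cc38211ccfc8059b363e
2dbe8e89310b42e295bfdf3aad955ba9
5.61.59.53
7313dc4d9d6228e442fc6ef9ba5a1b9a
ad9a3e893abdac7549a7d66ca32142e8
be2f73a637258aa872bdf548daf55336
c8d589ac5c872b12e502ec1fc2fee0c7
http://5.61.59.53:2086
https://onessearth.online/up/upload_dotm.php
https://powsecme.co/up/upload_dotm.php
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def classify(indicator):
    """Return (kind, normalised value) for one raw IoC line."""
    s = indicator.strip().lower()
    if MD5_RE.match(s):
        return "md5", s
    if "://" in s:
        return "url", s
    try:
        ipaddress.ip_address(s)
        return "ip", s
    except ValueError:
        return "unknown", s


def build_index(text):
    """Split the IoC text into lookup sets by kind. A URL also registers its
    host (as an IP or a host name), so traffic to the same server on another
    path is still caught."""
    idx = {"md5": set(), "ip": set(), "host": set(), "url": set()}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value = classify(line)
        if kind == "url":
            idx["url"].add(value)
            host = urlparse(value).hostname  # drops scheme, port and path
            try:
                ipaddress.ip_address(host)
                idx["ip"].add(host)
            except ValueError:
                idx["host"].add(host)
        elif kind in idx:
            idx[kind].add(value)
    return idx


# Token extractors for free-form log lines; hits are checked against the index.
HEX32 = re.compile(r"\b[0-9a-fA-F]{32}\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s\"']+")
HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def scan_line(line, idx):
    """Return a sorted list of (kind, value) IoC hits found in one log line."""
    hits = set()
    for h in HEX32.findall(line):
        if h.lower() in idx["md5"]:
            hits.add(("md5", h.lower()))
    for ip in IPV4.findall(line):
        if ip in idx["ip"]:
            hits.add(("ip", ip))
    for u in URL.findall(line):
        if u.lower() in idx["url"]:
            hits.add(("url", u.lower()))
    for host in HOST.findall(line):
        if host.lower() in idx["host"]:
            hits.add(("host", host.lower()))
    return sorted(hits)


def scan_logs(lines, idx):
    """Return [(line_number, hits)] for every line with at least one IoC hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, idx)
        if hits:
            results.append((n, hits))
    return results


# Constructed sample log lines (not from the original report). The proxy line
# posts to the upload URL, the EDR line carries an upper-case MD5, the firewall
# line shows a connection to the C2 IP on port 2086, and the last line is benign.
SAMPLE_LOGS = [
    "proxy ts=2023-05-02T09:14:03 src=10.0.0.15 url=https://onessearth.online/up/upload_dotm.php method=POST bytes=5120",
    "edr ts=2023-05-02T09:15:10 host=WS-0413 action=file_create path=C:\\Users\\Public\\svc.exe md5=0D6717C3FA713C5F5F5CB0539B94B84F",
    "fw ts=2023-05-02T09:16:00 src=10.0.0.15 dst=5.61.59.53 dport=2086 proto=tcp action=allow",
    "proxy ts=2023-05-02T09:17:22 src=10.0.0.22 url=https://www.example.com/index.html method=GET bytes=2048",
]

if __name__ == "__main__":
    index = build_index(IOC_LIST)
    for line_no, hits in scan_logs(SAMPLE_LOGS, index):
        print(line_no, hits)
```

Hashes are compared case-insensitively and URLs are matched exactly, so the first sample line reports both the full URL and its host. Feeding the matcher real proxy, EDR or firewall exports is a matter of passing the lines instead of SAMPLE_LOGS; the token regexes are deliberately loose so the format of the log does not matter.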