lazarusholic

Operation Covert Stalker

2023-11-08, Ahnlab
https://asec.ahnlab.com/en/58654/
#Kimsuky #CovertStalker

Contents

On May 3rd, 2022, AhnLab posted an analysis on the ASEC blog under the title “Distribution of Malicious Word File Related to North Korea’s April 25th Military Parade”.
[+] Analysis of Malware Disguised with Military Parade Content: https://asec.ahnlab.com/en/33936/
This report is based on 17 months of tracking and analysis of the Kimsuky group’s hacking activities (C2 operations, management, sending hacking emails, distributing malware, etc.) that share similar patterns with the major characteristics (C2, web shells, etc.) explained in the analysis above. The Kimsuky group’s hacking activities included sending phishing emails and hacking emails with malware attachments to certain individuals or organizations involved in the fields of North Korea, politics, diplomacy, and security, for the purpose of stealing email accounts and important materials. The group carried out covert and persistent hacking to achieve its purpose, which is why we named this operation “Operation Covert Stalker”. The report also explains why we believe the …