lazarusholic


Persistent Threats from the Kimsuky Group Using RDP Wrapper

2025-02-04, Ahnlab
https://asec.ahnlab.com/en/86098/
#Kimsuky #LNK

Contents

Persistent Threats from the Kimsuky Group Using RDP Wrapper
AhnLab SEcurity intelligence Center (ASEC) has previously analyzed attacks by the Kimsuky group that used the PebbleDash backdoor and the group's custom-built RDP Wrapper. The Kimsuky group has continued to launch attacks of the same type, and this post covers the additional malware that has since been identified.
1. Overview
Threat actors are distributing a shortcut file (*.LNK) containing a malicious command through spear-phishing attacks. The fact that the file names include individuals' names and company names suggests that the threat actors may be gathering information on specific targets.
The shortcut malware is disguised as a document file, using a document icon such as PDF, Excel, or Word. When the file is executed, PowerShell or Mshta runs to download and execute additional payloads from external sources. The malware ultimately executed to control the infected system consists of PebbleDash and RDP Wrapper. The threat …