2025-04-11
Qianxin
Suspected Kimsuky (APT-Q-2) Launches Attacks Against South Korean Enterprises
#APT-Q-2
#BlueMoonSoft
#DanAm
BlueMoonSoft
#BlueMoonSoft
- Reported: 2025-04
- Locations: Korea, Republic of
- Motivations: #SupplyChain
- Sectors: #Technology
Summary
In April 2025, the North Korean hacking group Kimsuky exploited a stolen code-signing certificate from South Korean software company Blue Moon Soft to distribute malware disguised as legitimate software. This breach allowed the attackers to sign malicious code, making it appear trustworthy to security systems and users. The compromised certificate was used to target various South Korean institutions, including the Korea Institute of Machinery and Materials.