Kimsuky Targets South Korean Research Institutes with Fake Import Declaration
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab Security Emergency response Center (ASEC) has recently identified that the Kimsuky threat group is distributing a malicious JSE file disguised as an import declaration to research institutes in South Korea. The threat actor ultimately uses a backdoor to steal information and execute commands.
The file name of the dropper disguised as an import declaration is as follows.
- Import Declaration_Official Stamp Affixed.jse
The file contains an obfuscated PowerShell script, a Base64-encoded backdoor file, and a legitimate PDF file.
Figure 1. …