all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Kimsuky Targets South Korean Research Institutes with Fake Import Declaration

Add to bookmarks
Nov. 30, 2023, 12:11 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

AhnLab Security Emergency response Center (ASEC) has recently identified that the Kimsuky threat group is distributing a malicious JSE file disguised as an import declaration to research institutes in South Korea. The threat actor ultimately uses a backdoor to steal information and execute commands.


The file name of the dropper disguised as an import declaration is as follows.



  • Import Declaration_Official Stamp Affixed.jse


The file contains an obfuscated PowerShell script, a Base64-encoded backdoor file, and a legitimate PDF file.



Figure 1. …

actor ahnlab asec backdoor center declaration disguised dropper emergency fake file import information kimsuky korea malicious malware analysis name research response security south south korea steal threat threat actor threat group ultimately

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Ransomware Attacks are Up, but Profits are Down: Chainalysis 2 hours ago | malware.news
attacks chainalysis control cyber +20
Apple security advisory (AV24-247) 2 hours ago | malware.news
advisory apple apple security article +8
‘TunnelVision’ DHCP flaw lets attackers bypass VPNs, redirect traffic 2 hours ago | malware.news
article attackers bypass dhcp +11
RSAC 2024: Attendees focus on AI, mobile, and threat telemetry 2 hours ago | malware.news
article can change down +16
Citrix security advisory (AV24-246) 2 hours ago | malware.news
advisory article canadian canadian centre for cyber security +7
How CISA is Preparing For the Influx of CIRCIA Reports 3 hours ago | malware.news
act backend circia cisa +21
From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats 4 hours ago | malware.news
access asynchronous asyncrat breach +23
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution 5 hours ago | malware.news
arbitrary code arbitrary code execution cisco cisco talos +19
Big Vulnerabilities in Next-Gen BIG-IP 6 hours ago | malware.news
accounts assets attacker attackers +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Engineer

@ Celonis | Munich, Germany
View on infosec-jobs.com

Security Engineer, Cloud Threat Intelligence

@ Google | Reston, VA, USA; Kirkland, WA, USA
View on infosec-jobs.com

IT Security Analyst*

@ EDAG Group | Fulda, Hessen, DE, 36037
View on infosec-jobs.com

Scrum Master/ Agile Project Manager for Information Security (Temporary)

@ Guidehouse | Lagunilla de Heredia
View on infosec-jobs.com

Waste Incident Responder (Tanker Driver)

@ Severn Trent | Derby , England, GB
View on infosec-jobs.com

Risk Vulnerability Analyst w/Clearance - Colorado

@ Rothe | Colorado Springs, CO, United States
View on infosec-jobs.com
View more jobs