Warning Against Distribution of Malware Impersonating a Public Organization (LNK)

AhnLab Security Emergency response Center (ASEC) observed the distribution of malicious shortcut (*.lnk) files impersonating a public organization. The threat actor seems to be distributing a malicious script (HTML) file disguised as a security email by attaching it to emails. These usually target individuals in the field of Korean reunification and national security. Notably, these were disguised with topics of honorarium payment to make them seem like legitimate documents. The malware’s operation method and C2 format are similar to those …

actor ahnlab asec center disguised distribution email emails emergency file files html impersonating lnk malicious malware malware analysis organization public public organization response script security target threat threat actor warning