North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
Briefly

The article discusses an ongoing cyber-attack campaign named DEEP#DRIVE, attributed to the Kimsuky group, targeting South Korea's business, governmental, and cryptocurrency sectors. Researchers noted that the attackers used deceptive phishing emails with malicious attachments disguised as legitimate documents, which trigger a multi-stage infection process. The attack relies heavily on PowerShell scripts for its operational tasks, and Dropbox is used to distribute payloads. Notably, the campaign begins with a ZIP file that leads to a Windows shortcut, which establishes a foothold through a scheduled task that conceals the malicious activity.
The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky and targets South Korean sectors.
The attackers are leveraging tailored phishing lures written in Korean, disguised as legitimate documents, initiating a sophisticated infection process.
This attack relies heavily on PowerShell scripts for various stages, including payload delivery and reconnaissance, indicating a well-planned operation.
The decoy documents include .HWP, .XLSX, and .PPTX files, presenting fake work logs and crypto files to trick recipients.
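A hunting query for the persistence step summarised above (a scheduled task that launches PowerShell, with Dropbox used for payload delivery). This is an added example written for this page, not code from the article, Securonix or The Hacker News; the indicator patterns are assumptions for illustration, since the summary does not give the campaign's actual task name, script paths or URLs.

```powershell
# Added example: list scheduled tasks whose action runs PowerShell with
# options commonly used to hide activity, or that reference Dropbox.
# The patterns are assumptions; the article summary does not name the
# campaign's task, script paths or download URLs.
$suspiciousArgs = @(
    '-w(indowstyle)?\s+hidden',              # hidden console window
    '-e(nc|ncodedcommand)?\s+',              # base64-encoded command
    '-nop(rofile)?',                         # skip profile
    'bypass',                                # -ExecutionPolicy Bypass
    'dropbox\.com',                          # payload hosting named in the article (noisy if Dropbox is in use)
    'DownloadString|Invoke-WebRequest|iwr\s' # remote fetch of a next stage
)
$pattern = ($suspiciousArgs -join '|')

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only Exec actions that launch PowerShell are of interest here;
        # other action types have no Execute value and are skipped.
        if ($action.Execute -notmatch 'powershell|pwsh') { continue }
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $pattern) {
            [pscustomobject]@{
                TaskName = $task.TaskName
                TaskPath = $task.TaskPath
                Author   = $task.Author
                Command  = $cmd
                Matched  = $Matches[0]
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Run in an elevated session so tasks created by other accounts are enumerated; review each hit against the task's author and creation context rather than treating a match as confirmed compromise.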
Read at The Hacker News