#kimsuky

[ follow ]
#spear-phishing #qr-code-phishing #quishing #mobile-security #android-malware #docswap #cj-logistics-spoofing
fromSecuritymagazine
17 hours ago

Security Leaders Discuss FBI Warning: North Korea Exploiting QR Codes

Attackers place malicious QR codes in high-traffic areas, often disguised as legitimate promotional materials or utility services. Physical mail containing QR codes purporting to be from legitimate services, particularly effective for package delivery and financial service scams. While QR codes represent a small percentage, their unique evasion capabilities and growing adoption rates make them vectors with huge latent potential.
Information security
Information security
fromThe Hacker News
3 weeks ago

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Kimsuky distributes a DocSwap Android RAT via QR-code phishing pages impersonating CJ Logistics, using deceptive prompts and embedded encrypted APKs.
Tech industry
fromThe Hacker News
2 months ago

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Kimsuky deployed a new HttpTroy backdoor via spear-phishing ZIP masquerading as a VPN invoice against a South Korean victim, enabling full remote control.
fromTheregister
3 months ago

Nork snoops whip up fake military ID with help from ChatGPT

Kimsuky, a notorious cybercrime squad believed to be sponsored by the North Korean government, used a deepfaked image of a military employee ID card in a July spear-phishing attack against a military-related organization, according to the Genians Security Center (GSC), a South Korean security institute. The file's metadata indicated it was generated with ChatGPT's image tools, according to Genians, despite OpenAI's efforts to block the creation of counterfeit IDs.
Information security
Information security
fromThe Hacker News
4 months ago

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean group Kimsuky used spear-phishing, cloud storage, and GitHub-based command-and-control to deploy Xeno RAT against South Korean diplomatic missions March–July 2025.
Remote teams
fromThe Hacker News
8 months ago

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Kimsuky exploits a patched vulnerability in Microsoft Remote Desktop Services to gain access during a new malicious campaign targeting various sectors.
[ Load more ]