Kimsuky Malware Attack
Description
What is the Kimsuky Malware Attack?
Kimsuky, officially known as the Kim Suky Group, is a cyber-espionage group linked to North Korea. The group has been active since at least 2012 and is primarily focused on gathering intelligence targeting South Korean government entities. According to a recent observation by Rapid7, the group launched an attack leveraging weaponized Microsoft Office documents, ISO files, Windows shortcut (LNK) files, and Compiled HTML Help (CHM) files.
What is the recommended Mitigation?
Maintain general awareness and training about the risk of phishing and social engineering attacks in the organization, and ensure that all systems and software are kept up to date with the latest patches.
What FortiGuard Coverage is available?
FortiGuard Labs has existing AV signatures to block all the known malware variants used by the Kimsuky group and has blocked related IoCs via the Web filtering service. FortiGuard's AI-based behavior detection engine can detect and block unknown variants of the malware and other sophisticated threats.
Telemetry