Cert2Connect

Kimsuky A Gift That Keeps on Giving

This analysis details a sophisticated cyber attack attributed to the North Korean-linked Kimsuky APT group. The attack begins with an LNK file leading to the execution of obfuscated VBS scripts. These scripts create scheduled tasks modify registry keys for persistence and establish communication with a command and control (C2) server. The malware employs various evasion techniques including Base64 encoding and Caesar Cipher obfuscation. The ultimate goal appears to be maintaining long-term access to the victims machine for espionage activities. The report also includes a personal anecdote of the analysts brief interaction with the C2 server receiving a single command after hours of waiting.
Overzicht

WILT U WETEN HOE DIT RISICO
UITGEBANNEN KAN WORDEN?

Wij helpen je graag. Indien gewenst geven we graag een presentatie of demo van onze oplossingsaanpak. Je vindt ons ook regelmatig op beurzen en events. Volg de evenementenpagina op deze site of meld je aan via de contactpagina voor onze nieuwsbrief.

Maak een afspraak