It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files


North Korea’s notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.

A Wednesday post explains that the crew – also known as Black Banshee, Thallium, APT 43 and Velvet Chollima – has a long history of trying to lift info from government agencies and outfits like think tanks, probably to gather intelligence that Kim Jong Un’s regime might find valuable.

Kimsuky’s favorite tactic is spear phishing, sometimes after a lengthy social engineering effort from correspondents posing as academics or media. Past attacks have seen victims sent a questionnaire laden with malware.

Rapid7 isn’t sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help (CHM) files along with ISO, VHD, ZIP and RAR files.