Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Summary: Cybersecurity researchers have identified a malicious campaign by North Korean threat actor Kimsuky, utilizing a critical vulnerability in Microsoft Remote Desktop Services (CVE-2019-0708) alongside phishing tactics to infiltrate systems. The campaign, named Larva-24005, aims to deploy malware such as MySpy and keyloggers to collect sensitive information. Targeted sectors include software, energy, and finance, with victims primarily in South Korea and Japan.

Affected: Various organizations in the software, energy, and financial sectors in South Korea, Japan, and other countries

Keypoints:

  • Exploitation of the RDP vulnerability (CVE-2019-0708) allows for unauthorized remote access.
  • Phishing emails trigger another vulnerability (CVE-2017-11882) to gain initial access.
  • Attackers use malware such as MySpy and keyloggers like KimaLogger to capture sensitive data.
  • The campaign has been active since October 2023, affecting multiple countries across various sectors.
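The following PowerShell check is an added example, not code from the article or from the researchers it cites. It gives a defender a quick way to see whether a Windows host is still exposed to the BlueKeep (CVE-2019-0708) path the campaign uses: it reports whether the OS is in the affected pre-Windows 8 range, whether Remote Desktop is enabled, whether Network Level Authentication (NLA) is on (a documented mitigation, since it forces authentication before the vulnerable code path is reached), and whether one of the fixing updates is installed. The KB numbers are the May 2019 security updates listed in Microsoft's advisory for the CVE and should be verified for the exact OS in use; the `RDP-Tcp` listener name is the default and is an assumption.

```powershell
# Added example (not from the article): defender-side exposure check for
# CVE-2019-0708 (BlueKeep). Run as an administrator on the host being checked.
function Test-BlueKeepExposure {
    param(
        # Fixing updates from Microsoft's CVE-2019-0708 advisory (assumption: verify
        # the right KB for the specific OS/SP before relying on this list).
        [string[]]$FixKbIds = @('KB4499175', 'KB4499164', 'KB4499180', 'KB4499149', 'KB4500331')
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # Affected: XP, Server 2003, Vista, Server 2008, 7, Server 2008 R2 (build <= 7601).
    $affectedOs = $build -le 7601

    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # NLA is stored per listener; 'RDP-Tcp' is the default listener name (assumption).
    $nlaValue = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $nlaEnabled = ($nlaValue -eq 1)

    # Any one of the fixing updates present counts as patched.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $patched = [bool]($FixKbIds | Where-Object { $installed -contains $_ })

    # Exposure requires an affected OS with RDP reachable and no fix applied;
    # NLA reduces but does not remove the risk, so it is reported separately.
    $exposed = $affectedOs -and $rdpEnabled -and -not $patched

    [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        OSCaption    = $os.Caption
        Build        = $build
        AffectedOS   = $affectedOs
        RDPEnabled   = $rdpEnabled
        NLAEnabled   = $nlaEnabled
        Patched      = $patched
        Exposed      = $exposed
        Action       = if (-not $affectedOs) { 'Not in affected OS range' }
                       elseif ($patched)     { 'Fixing update present' }
                       elseif ($exposed)     { 'Apply the CVE-2019-0708 update; restrict or disable RDP; enable NLA' }
                       else                  { 'RDP disabled; apply update when possible' }
    }
}

# Usage: run on the host and review the Exposed/Action fields.
Test-BlueKeepExposure | Format-List
```

The function returns an object rather than printing text so it can be collected across many hosts (for example via `Invoke-Command`) and filtered on `Exposed -eq $true`. The build-number test is a coarse screen: hosts above build 7601 are outside the affected range regardless of the other fields.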

Source: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html