Summary: Cybersecurity researchers have identified a malicious campaign by the North Korean threat actor Kimsuky that exploits a critical vulnerability in Microsoft Remote Desktop Services (CVE-2019-0708, BlueKeep) alongside phishing to infiltrate systems. The campaign, named Larva-24005, deploys malware such as MySpy and keyloggers to collect sensitive information. Targeted sectors include software, energy, and finance, with victims primarily in South Korea and Japan.
Affected: Various organizations in the software, energy, and financial sectors in South Korea, Japan, and other countries
Key points:
- Exploitation of the RDP vulnerability (CVE-2019-0708) allows for unauthorized remote access.
- Phishing emails carry documents that trigger a second vulnerability (CVE-2017-11882) to gain initial access.
- Attackers use malware such as MySpy and keyloggers like KimaLogger to capture sensitive data.
- The campaign has been active since October 2023, affecting multiple countries across various sectors.
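The first key point above describes unauthenticated remote access through the RDP service. The following read-only check is an added example, not code from the article or from the researchers it cites; it reports whether a Windows host exposes RDP and whether Network Level Authentication (NLA) is enforced, which requires a successful logon before the pre-authentication code path that CVE-2019-0708 abuses is reached. It assumes the standard Terminal Server registry locations and an elevated PowerShell session; the object layout and property names are the example's own choices.

```powershell
# Added example: report a host's RDP exposure so unpatched, NLA-disabled systems can be prioritised.
# Assumes default registry paths for the Terminal Server configuration (not taken from the article).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed
$rdpDenied   = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
# UserAuthentication = 1 means NLA is required before a session is negotiated
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

$report = [pscustomobject]@{
    Host          = $env:COMPUTERNAME
    OsVersion     = [System.Environment]::OSVersion.Version.ToString()
    RdpEnabled    = ($rdpDenied -eq 0)
    NlaRequired   = ($nlaRequired -eq 1)
    # A listener on 3389 is only a problem when it is reachable beyond the management network
    Listening3389 = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
}

# Flag the combination that matters for the campaign described above
$report | Add-Member -NotePropertyName AtRisk -NotePropertyValue ($report.RdpEnabled -and -not $report.NlaRequired)
$report
```

Run it through your endpoint management tooling across the fleet and sort on AtRisk; hosts that show RdpEnabled with NlaRequired false are the ones to patch for CVE-2019-0708 first, since NLA only reduces exposure and the vendor update remains the actual fix.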
Source: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html