A North Korea-linked hacking group conducted a sophisticated espionage campaign against foreign embassies in South Korea, using emails disguised as diplomatic communications. The operation, possibly rooted in Chinese territory, used spear-phishing and remote access malware to gather sensitive information. #Kimsuky #XenoRAT
Key points
- The campaign has targeted at least 19 embassies and foreign ministries since March.
- The hackers disguised malware-laden emails as official diplomatic correspondence with detailed linguistic and contextual cues.
- The malware used, XenoRAT, allows remote control, keystroke logging, and access to webcams and microphones.
- The activity pattern suggests the hackers may operate from Chinese territory or rely on Chinese contractors.
- This campaign is linked to North Korea's Kimsuky group, known for targeting governments and media worldwide.
Read More: https://therecord.media/north-korean-hackers-target-foreign-embassies