North Korean threat actors, possibly working from China or mimicking Chinese tactics, targeted South Korean diplomatic missions with sophisticated spear-phishing campaigns using cloud platforms and GitHub. They employed open-source malware, like Xeno RAT and MoonPeak, to infiltrate systems and exfiltrate sensitive information, blending operational tactics across regions. #Kimsuky #MoonPeak
Key points
- North Korean hackers conducted a campaign targeting South Korean diplomacy from March to July 2025.
- The attack involved spear-phishing emails impersonating trusted diplomatic contacts in multiple languages.
- Malware was delivered via trusted cloud storage, using disguised ZIP and LNK files to execute PowerShell scripts.
- The operations showed rapid infrastructure updates and seemed to originate from Chinese time zones or regions.
- North Korea's cyber activities extend to infiltrating companies using AI and remote worker schemes, with over 320 incidents reported.
Read More: https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html
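As an added example (not code from the article or from the campaign it reports), a Python check for the delivery pattern in the key points: it walks the entries of a ZIP attachment, parses the StringData of any .lnk file per the public MS-SHLLINK layout, and flags shortcuts whose relative path or arguments launch PowerShell. The archive, shortcut contents and file names are constructed for the demo; the indicator strings are common detection tells, not values from the article.

```python
import io
import struct
import zipfile

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # MS-SHLLINK header CLSID (public spec)
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80  # LinkFlags bits that change the layout
# StringData fields in on-disk order, keyed by the LinkFlags bit that says the field is present.
STRING_FIELDS = tuple(zip((0x04, 0x08, 0x10, 0x20, 0x40), ("name", "relative_path", "working_dir", "arguments", "icon_location")))
INDICATORS = ("powershell", "pwsh", "-windowstyle hidden", "-w hidden", "-executionpolicy bypass", "-enc ")  # launch tells

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (relative path, arguments, ...) of a .lnk file; {} if not a shortcut."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        return {}
    flags, pos = struct.unpack_from("<I", data, 20)[0], 76  # skip the 76-byte fixed ShellLinkHeader
    if flags & HAS_IDLIST:  # LinkTargetIDList: 2-byte size, then the item ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:  # LinkInfo: 4-byte size that includes the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, 2 if flags & IS_UNICODE else 1
    for flag, name in STRING_FIELDS:  # each present field: 2-byte char count, then the chars, no terminator
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            fields[name] = data[pos + 2:pos + 2 + count * width].decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + count * width
    return fields

def scan_zip(zip_bytes: bytes) -> list:
    """Flag .lnk archive entries whose shortcut metadata points at a PowerShell launch."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info) if info.filename.lower().endswith(".lnk") else b""  # non-.lnk entries parse to {}
            fields = parse_lnk(data)
            hits = [t for t in INDICATORS if t in " ".join(fields.values()).lower()]
            if not hits and (b"powershell" in data.lower() or "powershell".encode("utf-16-le") in data.lower()):
                hits.append("powershell (target path)")  # target lives in IDList/LinkInfo, so scan raw ANSI/UTF-16LE too
            if hits:
                findings.append({"entry": info.filename, "indicators": hits, "arguments": fields.get("arguments", "")})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample (not from the campaign): a ZIP holding a double-extension shortcut."""
    sample = ("..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "-WindowStyle Hidden -File notes.ps1")
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", 0x08 | 0x20 | IS_UNICODE) + bytes(52)  # relpath+args
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in sample)
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        zf.writestr("Meeting_Agenda.pdf.lnk", header + strings)
    return buf.getvalue()
```

Run `scan_zip(build_sample_zip())` to see the constructed shortcut flagged; a mail gateway or sandbox hook would feed it the real attachment bytes instead.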