Summary: Kimsuky, a North Korea-linked group, has adopted a new attack method in which targets are tricked into running malicious PowerShell commands on their own systems. The tactic, in use since January 2025, is a shift from the group's typical strategies: the attackers deceive victims into believing they are interacting with South Korean officials. Separately, a U.S. woman has pleaded guilty to facilitating the North Korean IT worker scheme that exploited over 300 U.S. companies for illicit gains.
Affected: U.S. companies, individuals, and potentially South Korean government entities
Keypoints:
- Kimsuky impersonates South Korean officials to build trust before sending malicious PDFs.
- Victims are instructed to run PowerShell commands that download remote access tools, allowing data exfiltration.
- Christina Marie Chapman pleaded guilty for her role in a scheme that led to identity theft and fraudulent employment, resulting in over .1 million in illicit revenue.
Source: https://thehackernews.com/2025/02/north-korean-hackers-exploit-powershell.html