18
North Korean cybercriminal group Kimsuky has introduced a sophisticated social engineering strategy to infiltrate systems. Microsoft’s Threat Intelligence team reveals the attackers impersonate South Korean government officials to gain victims’ trust before sending spear-phishing emails with malicious PDFs.
These documents redirect users to fake device registration pages, urging them to execute PowerShell commands, enabling attackers to install browser-based remote desktop tools and gain direct access to victims’ systems.
This campaign, targeting NGOs, government agencies, and media companies globally, emphasizes the urgent need for enhanced cybersecurity awareness and advanced threat protection.
