North Korea-backed Kimsuky targets unpatched BlueKeep systems in new campaign
The campaign targeted South Korea and Japan
Based on the analysis of the campaign infrastructure, threat actors have been attacking South Korea, the US, China, Japan, Germany, Singapore, South Africa, the Netherlands, Mexico, Vietnam, Belgium, the UK, Canada, Thailand, and Poland.
However, AhnLab researchers were only able to retrieve samples of phishing emails sent to South Korea and Japan. “These threat actors have been attacking South Korea’s software, energy, and financial industries since October 2023,” the researchers said.
As indicators of compromise (IOCs), the researchers shared a list of MD5 file hashes, URLs, and domain names (FQDNs) that security teams can use to set detection alerts.