April 21, 2025 By Pierluigi Paganini
Researchers spotted a new campaign by the North Korea-linked group Kimsuky that exploits a patched Microsoft Remote Desktop Services flaw to gain initial access.
While investigating a security breach, researchers at the AhnLab SEcurity intelligence Center (ASEC) discovered a campaign by the North Korea-linked group Kimsuky, tracked as Larva-24005. The attackers exploited an RDP vulnerability to gain initial access to the target systems.
“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708). While an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.” reads the report published by ASEC. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882)[1].”