Keep your eyes on these

VERY IMPORTANT

Security Articles

Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Targeting Victims with Stealthy Malware

released on 2024-03-19 @ 12:39:16 PM
The Securonix Threat Research team uncovered a multi-stage attack campaign likely associated with the North Korean Kimsuky group, featuring new code/stagers and recycled code/TTPs reported in the past. The group shifted to using a new script-based attack chain leveraging PowerShell and VBScript stagers to quietly infect systems with monitoring capabilities. All C2 communication is handled through Dropbox/Google Docs to evade detection.