APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
released on 2024-05-21 @ 11:15:15 AM
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associated with the Kimsuky group. Signs of similar attacks targeting Japan were also observed.