Security Articles

From Reconnaissance to Control: The Operational Blueprint of Kimsuky APT for Cyber Espionage

Released on 2025-08-07 @ 11:19:25 AM

This report details a cyber-espionage campaign attributed to Kimsuky, a North Korean APT group, targeting South Korean entities. The attack uses malicious Windows shortcut files as initial access, followed by obfuscated scripts and a sophisticated malware framework. The malware performs extensive system profiling, steals credentials and sensitive documents, monitors user activity, and exfiltrates data over standard web traffic. It establishes persistence, evades detection, and maintains communication with command-and-control infrastructure. The campaign demonstrates Kimsuky's evolution in stealth, modularity, and targeting precision, representing a serious espionage threat that requires advanced behavioral monitoring and network anomaly detection to combat.