
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)

· Published 21/05/2024 11:15 · Modified 21/05/2024 11:37


Essential information

Tags
2024-05-21 apt kimsuky northkorea
Related entities
46 observables, 1 intrusion sets (apt), 13 techniques (mitre), 1 malware, 1 others

Description

A threat actor impersonated a North Korean human rights official on Facebook and approached targets, sharing malicious URLs disguised as documents. The malicious MSC file was hosted on the Microsoft OneDrive cloud service; it communicated with C2 servers and deployed the Reconshark malware associated with the group. Signs of similar attacks targeting Japan were also observed.

External references