APT Group Profiles - Larva-24005
Essential information
- Published
- 22/04/2025 16:40
- Modified
- 22/04/2025 22:49
- Tags
- 2025-04-22, CVE-2017-11882, CVE-2019-0708, apt, bluekeep, japan, keylogger, kimalogger, kimsuky, myspy, phishing, randomquery, rdp exploitation, south korea
- Related entities
- 1 intrusion set (APT), 3 malware, 16 others
Description
A new operation named Larva-24005, linked to the Kimsuky group, has been discovered by ASEC. The threat actors exploited RDP vulnerabilities to infiltrate systems, installing MySpy malware and RDPWrap for continuous remote access. They also deployed keyloggers to record user inputs. The group has been targeting South Korea's software, energy, and financial industries since October 2023, with attacks extending to multiple countries worldwide. Their methods include exploiting the BlueKeep vulnerability (CVE-2019-0708) and using phishing emails. The attackers employ various tools such as RDP scanners, droppers, and keyloggers in their multi-stage attack process.