North Korean hacking group Kimsuky is changing its tactics, using the Remote Desktop Protocol (RDP) and proxy tools rather than traditional backdoors to take over systems. This approach is designed to enhance stealth and maintain persistence. The cyberespionage group delivers its malware through spear-phishing emails containing disguised .LNK shortcut files. A modified version of the RDP Wrapper utility is used to evade malicious-file detection, while proxy tools facilitate access to private networks. The group mainly targets South Korean organizations, but its targets also include the US, Japan, and Germany.
Splunk Unveils a New AI Based Honeypot “DECEIVE” to Log Attacker Activities
Splunk has launched DECEIVE, an AI-driven honeypot system that simplifies the simulation of high-interaction environments for monitoring attacker behavior. Utilizing large language models, DECEIVE requires