The North Korea-linked group Kimsuky has exploited a flaw in Microsoft’s Remote Desktop Services, according to research by AhnLab SEcurity intelligence Center (ASEC). After gaining initial access to target systems, the threat actors installed spyware and manipulated configurations to maintain remote access. Observed since 2023, the group mainly targets South Korean organisations and has impacted various other countries through spear-phishing campaigns and software attacks. In some cases, the Kimsuky group has used the ForceCopy stealer malware to capture keystrokes.

Fog ransomware notes troll with DOGE references, bait insider attacks
Fog ransomware attacks over the past month used a note referencing the U.S. Department of Government Efficiency (DOGE) to trick users into spreading the malware.