
Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate - Malware Signed with Nexaweb Certificate

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

AhnLab Security Intelligence Center discovered malware signed with Nexaweb Inc.'s certificate, linked to the Kimsuky group's activities. The malware, tracked as Larva-25004, was found in two files signed on May 24 and 28, 2024. When executed, it displays a PDF file related to employment as bait, likely targeting individuals interested in defense company jobs. The certificate's authenticity is still under investigation. The malware's characteristics match those of files signed with a Korean company's certificate, previously reported in connection with Kimsuky. This incident highlights the ongoing threat of certificate exploitation by sophisticated threat actors.

OPENCTI LABELS :

kimsuky,certificate exploitation,signed malware,nexaweb,certificate leak


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown in the login page banner.

