Warning Against Distribution of Malware Disguised as Research Papers
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The Kimsuky group has launched a sophisticated phishing attack disguised as a request for paper review from a professor. The attack involves a password-protected HWP document with a malicious OLE object, which creates six files upon opening. When executed, these files perform various malicious activities, including collecting system information, downloading additional files, and establishing remote access through AnyDesk. The threat actors use legitimate software and cloud storage services like Dropbox as part of their attack infrastructure. The malware hides its presence by concealing AnyDesk's interface, making detection difficult for users. This case highlights the evolving tactics of APT groups and the importance of cautious handling of files from unknown sources.
OPENCTI LABELS :
apt,phishing,dropbox,anydesk,remote-access,social-engineering,ole,hwp
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Warning Against Distribution of Malware Disguised as Research Papers