Warning Against Distribution of Malware Disguised as Research Papers

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

The Kimsuky group has launched a sophisticated phishing attack disguised as a request for paper review from a professor. The attack involves a password-protected HWP document with a malicious OLE object, which creates six files upon opening. When executed, these files perform various malicious activities, including collecting system information, downloading additional files, and establishing remote access through AnyDesk. The threat actors use legitimate software and cloud storage services like Dropbox as part of their attack infrastructure. The malware hides its presence by concealing AnyDesk's interface, making detection difficult for users. This case highlights the evolving tactics of APT groups and the importance of cautious handling of files from unknown sources.

OPENCTI LABELS:

apt, phishing, dropbox, anydesk, remote-access, social-engineering, ole, hwp

