Tech

North Korean Hackers Target Devices with PowerShell Trick in Evolving Cyberattack

17
Hack Warning Cyberattack

A North Korea-linked hacking group, Kimsuky, has adopted a new tactic in cyberattacks, using PowerShell to hijack devices.

This technique is a departure from their usual methods and leverages social engineering to trick victims into running malicious PowerShell commands.

How the Attack Works:

The attacker masquerades as a South Korean government official and builds rapport with the target. Then, they send a spear-phishing email containing a malicious PDF attachment.

Inside the document, the victim is urged to click a URL that directs them to a list of steps to register their Windows system.

This registration link asks the victim to run PowerShell as an administrator and paste a malicious code snippet into the terminal.

Impact of the Exploit:

If executed, the code downloads a browser-based remote desktop tool and a certificate file with a hardcoded PIN from a remote server.

This allows the attacker to register the victim’s device, gaining access to it for data exfiltration.

This spear-phishing method enables the hackers to bypass security protections, relying on the victim to infect their own system.

This tactic aligns with the growing trend of attacks where the target unknowingly aids in compromising their own device, making it harder to detect and prevent.

Microsoft has reported these attacks starting in January 2025, although similar strategies have been used by other threat actors, including those behind the Contagious Interview campaign.

This incident underscores the evolving tactics of cybercriminals and highlights the need for greater vigilance, particularly when receiving suspicious emails.

Written by
Sazid Kabir

I've loved music and writing all my life. That's why I started this blog. In my spare time, I make music and run this blog for fellow music fans.

Related Articles

Microsoft
TechAI

Microsoft’s Chief Product Officer Reassures Coders Amid Layoffs: AI Is Transforming, Not Replacing, Software Development

Microsoft’s Chief Product Officer, Aparna Chennapragada, recently addressed concerns surrounding the future...

Qualcomm Snapdragon Processor
Tech

Qualcomm Faces Legal Setback as Judge Allows Patent Lawsuit Over Snapdragon Chips to Proceed

Qualcomm is in legal trouble after a judge refused to dismiss a...

intel
Tech

Intel Confirms Arrow Lake-S Refresh CPUs With LGA 1851 & 800-Series Motherboard Compatibility

Intel’s next round of desktop CPUs — the Arrow Lake-S Refresh under...

Nvidia CEO Jensen Huang at CES 2025
Tech

NVIDIA CEO Confirms Huawei’s CloudMatrix Matches Grace Blackwell, Admits They Can’t Be Stopped

NVIDIA CEO Jensen Huang has publicly acknowledged that Huawei’s AI hardware has...