The Kimsuky HttpSpy malware campaign targets South Korean military and corporate entities, employing advanced social engineering tactics and real-time tracking of infections. The threat actors create deceptive websites that mimic legitimate services in order to distribute malware. They also exploit online meeting platforms such as Webex by gathering meeting information from compromised accounts, which lends authenticity to their phishing attempts. The campaign features a novel JSONPing execution check that allows the operators to monitor infections in real time.
The malware operates through a three-stage architecture consisting of an installer, a stealth loader, and a remote access trojan module, which together enable remote command execution and data manipulation on the infected host. Defenses against these threats include verifying URLs before interacting with them and practicing good digital hygiene.