Kimsuky Employs HTTPSpy, HelloDoor and VS Code Tunnels in New Campaigns

Colleagues, I’d like to draw attention to a cybersecurity development.
ENKI and Kaspersky have documented Kimsuky campaigns: actors disguise HTTPSpy as installers for Korean security tools and distribute them via fake Webex pages and messaging services.
Key points:
- HTTPSpy, HelloDoor, HttpMalice and others provide RAT capabilities, data exfiltration and persistence.
- Techniques: execution via regsvr32/PowerShell, JSONPing for execution checks, abuse of VS Code tunnels and DWAgent.
- Targets: military and corporate networks in South Korea; likely focus on administrators and GPKI credential theft.
Why it matters: the blend of social engineering and legitimate channels complicates detection and response.
Which defensive measures do you prioritize?
#cybersecurity #APT #infosec #malware
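
As a starting point for the detection question above, here is an added example (not part of the original post or of the ENKI/Kaspersky reports) that triages process-creation events for three of the listed techniques: VS Code tunnel launches, regsvr32 loading a DLL from a user-writable path, and DWAgent processes. The image names, path heuristic, event field names and sample events are assumptions constructed for illustration; tune them to your own telemetry.

```python
import re
from ntpath import basename  # parses Windows-style paths on any OS

# Assumption: directories a standard user can usually write to.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|downloads|programdata|users\\public)\\", re.I)
VSCODE_CLI = {"code.exe", "code-tunnel.exe"}   # assumed image names
DWAGENT = {"dwagent.exe", "dwagsvc.exe"}       # assumed image names

def tokens(command_line):
    """Split a Windows command line, keeping quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def classify(event):
    """Return the names of the rules one process-creation event matches."""
    image = basename(event["image"]).lower()
    args = tokens(event["command_line"])[1:]   # drop the program itself
    hits = []
    # 'tunnel' must be its own argument, not part of a file name.
    if image in VSCODE_CLI and any(a.lower() == "tunnel" for a in args):
        hits.append("vscode_tunnel")
    if image == "regsvr32.exe" and any(USER_WRITABLE.search(a) for a in args):
        hits.append("regsvr32_user_writable_dll")
    if image in DWAGENT:
        hits.append("dwagent_present")
    return hits

def triage(events):
    """Return (host, rule) pairs for every match, in input order."""
    return [(e["host"], rule) for e in events for rule in classify(e)]

# Constructed sample events (hypothetical hosts, users and file names).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "command_line": r'"C:\Program Files\Microsoft VS Code\Code.exe" C:\src\tunnel_notes.md'},
    {"host": "WS-02", "image": r"C:\Users\kim\Downloads\code.exe",
     "command_line": r"code.exe tunnel --accept-server-license-terms"},
    {"host": "WS-03", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Users\kim\AppData\Roaming\update.dll"},
    {"host": "SRV-01", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Windows\System32\msxml6.dll"},
    {"host": "WS-04", "image": r"C:\Program Files\DWAgent\runtime\dwagent.exe",
     "command_line": r'"C:\Program Files\DWAgent\runtime\dwagent.exe"'},
]

if __name__ == "__main__":
    for host, rule in triage(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

A VS Code tunnel hit is only a lead: developers use the feature legitimately, so compare matches against the hosts and users where remote development is actually approved.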