North Korean hackers from the Kimsuky group are running a sophisticated social engineering attack through fake Facebook accounts to target activists in North Korea and anti-North Korea sectors. They use Messenger to distribute malware-laden documents hosted on OneDrive and disguised as Microsoft Common Console files, with the intention of infiltrating victims' systems, exfiltrating data to a command-and-control server, and potentially targeting specific individuals in Japan and South Korea.

This attack method differs from conventional email spear-phishing and highlights the group's evolving tactics to exploit social media platforms for stealthier operations. The decoy files are camouflaged as innocuous Word documents to dupe victims into activating the malware, showcasing the group's adeptness in leveraging unconventional document types and signaling potential collaboration between North Korea and specific targets outside its borders.

North Korean hackers use Facebook Messenger in targeted malware campaign