Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent
Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent
Summary:
The Kimsuky group, backed by North Korea, used TrollAgent malware via a fake security program to target a Korean construction association’s website, stealing data and enabling remote control between December 2023 and January 2024.
Threat Level – Amber | Attack Report
For a detailed threat advisory, download the pdf file here
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.