Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent

Summary:

The Kimsuky group, backed by North Korea, used TrollAgent malware via a fake security program to target a Korean construction association’s website, stealing data and enabling remote control between December 2023 and January 2024.

Threat Level – Amber | Attack Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.