North Korean Hackers Target Pharma Firms with Weaponized Excel Malware

Severity: High (Score: 72.6)

Sources: Gbhackers, Cybersecuritynews

Summary

North Korean state-backed hackers, specifically the Kimsuky group, have initiated a targeted campaign against pharmaceutical and life science companies. The attackers utilize weaponized Excel files, disguised as legitimate documents, to deploy malware and gain unauthorized access to systems. The spear-phishing emails are crafted to appear relevant to the recipients, often referencing topics like ERP specifications. This campaign exploits Windows shortcut files, PowerShell, and cloud storage to facilitate stealthy data theft. The precise number of affected organizations is not disclosed, but the scope includes major drug manufacturers. The ongoing threat emphasizes the need for heightened security measures within the pharmaceutical sector. Current status indicates active exploitation of these tactics by the Kimsuky group.

Key Points:

  • North Korean Kimsuky group targets pharmaceutical companies with malware.
  • Attack method involves weaponized Excel files and spear-phishing emails.
  • Campaign exploits Windows shortcuts and PowerShell for stealthy data theft.

Key Entities

  • Kimsuky (apt_group)
  • Malware (attack_type)
  • Phishing (attack_type)
  • T1059.001 - PowerShell (mitre_attack)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Windows (platform)
  • PowerShell (tool)