Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Kimusuki exploits Bluekeep RDP vulnerability to South Korea and Japan systems
Global Security

Kimusuki exploits Bluekeep RDP vulnerability to South Korea and Japan systems

AdminBy AdminApril 21, 2025No Comments2 Mins Read
BlueKeep RDP Vulnerability
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


April 21, 2025Red LakshmananMalicious software / vulnerability

Bluekeep RDP vulnerability

Cybersecurity researchers have marked a new malicious campaign associated with the North Korean state actor known as Kimas This exploits now, which is a vulnerability that affects Microsoft’s desktop services to gain initial access.

Activities has been named Larva-24005 In the center of the AHNLAB security intelligence (ASEC).

“In some systems, the initial access was obtained from the operation of the RDP (Bluekeep, Cve-2019-0708), South Korean Cybersecurity Company – Note. “While the compromised system found the RDP vulnerability, no evidence of its actual use.”

Cybersecurity

Cve-2019-0708 (CVSS’s assessment: 9.8) – this Critical worm error In remote desktop services that could include the removed code, allowing unauthorized attackers to install arbitrary programs, access to data, and even create new user rights accounts.

However, in order for the opponent to use the deficiency, they would need to send a specially designed request to the remote desktop target through RDP. It was fixed by Microsoft in May 2019.

Bluekeep RDP vulnerability

Another initial access vector taken by the actor threats is to use Phishing mail Built -in files that cause the vulnerability of the equation (Cve-2017-1188CVS’s assessment: 7.8).

After accessing access, the attackers continue to use a dropper to install the malicious software called MySpy, and the RDPWRAP tool called RDPWRAP, in addition to changing the system settings to ensure RDP access. Myspy is designed to collect system information.

Cybersecurity

Attack ends with a key deployment such as Kimalogger and Casual part To capture the key.

The company is estimated that since October 2023 since October 2023, since October 2023 in South Korea and Japan, mostly software, energy and financial sector. Some of other countries aimed at the group include the US, China, Germany, Singapore, South Africa, the Netherlands, Mexico, Vietnam, Belgium, the United Kingdom, Canada, Thailand and Palland.

Found this article interesting? Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025

New data Wiper Pathwiper Data Wiper violates Ukrainian critical infrastructure in 2025 attack

June 6, 2025

Popular Chrome Extensions API leaks, user data via HTTP and Hard Codes

June 5, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.