A North Korean hacker group known as Kimsuky has recently targeted research institutes in South Korea, according to a report by AhnLab Security Emergency Response Center (ASEC). The group's attacks aim to implant backdoors on compromised systems, enabling information theft and remote command execution.
The attack chain begins with the distribution of a JScript Encoded file disguised as an import declaration. Hidden within the file are PowerShell scripts, encrypted data, and a PDF document. The PDF is opened as a decoy to hold the victim's attention while the PowerShell script runs in the background.
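As an added defensive example, not taken from the ASEC report: a small Python triage check for the lure format described above, a JScript Encoded file (recognisable by its fixed `#@~^` header) that carries PowerShell launcher strings and an embedded PDF decoy. It assumes embedded payloads are stored as long base64 runs, which the page does not state, and the sample file is constructed.

```python
import base64
import re

JSE_MAGIC = b"#@~^"   # fixed prefix of JScript.Encode (.jse) files
PDF_MAGIC = b"%PDF-"  # PDF file header
# Strings typical of a PowerShell launcher inside a dropper script.
PS_RE = re.compile(
    rb"powershell|-encodedcommand|-enc\b|-w(?:indowstyle)?\s+hidden|frombase64string",
    re.I,
)
# Assumption (not stated on the page): embedded payloads are long base64 runs.
B64_RE = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def decoded_blobs(data: bytes) -> list:
    """Decode every long base64 run; skip runs that are not valid base64."""
    blobs = []
    for m in B64_RE.finditer(data):
        try:
            blobs.append(base64.b64decode(m.group(0), validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    return blobs


def triage(data: bytes) -> dict:
    """Report which lure indicators a candidate script file carries."""
    views = [data] + decoded_blobs(data)  # raw bytes plus decoded payloads
    findings = {
        "jse_header": data.startswith(JSE_MAGIC),
        "powershell": any(PS_RE.search(v) is not None for v in views),
        "embedded_pdf": any(PDF_MAGIC in v for v in views),
    }
    # An encoded script that also carries a launcher or a decoy merits review.
    findings["suspicious"] = findings["jse_header"] and (
        findings["powershell"] or findings["embedded_pdf"]
    )
    return findings


# Constructed sample: encoded-script header, hidden PowerShell launcher and a
# base64 blob standing in for the decoy PDF. Not a real malware sample.
DECOY_PDF = base64.b64encode(b"%PDF-1.7\n" + b"x" * 60)
SAMPLE = (
    JSE_MAGIC + b"AAAAAA==\n"
    + b"var cmd = 'powershell -w hidden -enc ...';\n"
    + b"var doc = '" + DECOY_PDF + b"';\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```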
Backdoors can be introduced into software during its development or installed later by malicious software. Once implanted, a backdoor enables espionage and remote control of the infected system or device.