As news spread that COVID’19 patients recently got shot in North Korea, The Kimsuky APT group from North Korea used the controversy to trap curious victims. The APT is spreading a .doc document titled “COVID-19 and North Korea” to lure its targets into opening the malicious document. Apart from the document, other indicators of compromise have also been retrieved that indicate an infection chain from the Kimsuky APT group. The Kimsuky group is a North Korean APT group, also known by other names including Velvet Chollima and Black Banshee, and sometimes perceived to be state-sponsored, generating revenues with its malicious activities.
COVID-19 and North Korea[.]docx