North Korea’s Kimsuky Attacks Rivals' Trusted Platforms
North Korean threat group Kimsuky, known for its prolific cyberattacks on South Korea and the US, is using living-off-the-land techniques and trusted services like Dropbox to evade detection. The DEEP#DRIVE campaign, targeting South Korean government agencies and businesses, demonstrates Kimsuky’s improved operational security, including OAuth-based authentication and quick infrastructure dismantling. To mitigate risks, organizations should disable the hiding of file extensions, block shortcut file execution, and bolster email security with employee phishing training.