Kimsuky exploits BlueKeep RDP vulnerability to breach systems in South Korea and Japan

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.

The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).

“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708),” the South Korean cybersecurity company said. “While an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.”

Read more at The Hacker News