Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.

The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).

“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019–0708),” the South Korean cybersecurity company said. “While an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.”