{"id":212050,"date":"2025-04-22T02:13:49","date_gmt":"2025-04-22T07:13:49","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/04\/kimsuky-exploits-bluekeep-rdp-vulnerability-to-breach-systems-in-south-korea-and-japan"},"modified":"2025-04-22T02:13:49","modified_gmt":"2025-04-22T07:13:49","slug":"kimsuky-exploits-bluekeep-rdp-vulnerability-to-breach-systems-in-south-korea-and-japan","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/04\/kimsuky-exploits-bluekeep-rdp-vulnerability-to-breach-systems-in-south-korea-and-japan","title":{"rendered":"Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/kimsuky-exploits-bluekeep-rdp-vulnerability-to-breach-systems-in-south-korea-and-japan2.jpg\"><\/a><\/p>\n<p>Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as <a href=\"https:\/\/thehackernews.com\/2025\/02\/north-korean-hackers-exploit-powershell.html\" rel=\"noopener\" target=\"_blank\">Kimsuky<\/a> that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.<\/p>\n<p>The activity has been named <strong>Larva-24005<\/strong> by the AhnLab Security Intelligence Center (ASEC).<\/p>\n<p>\u201cIn some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708),\u201d the South Korean cybersecurity company <a href=\"https:\/\/asec.ahnlab.com\/en\/87554\/\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cWhile an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). \u201cIn some systems, initial access was gained through exploiting [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1694],"tags":[],"class_list":["post-212050","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-electronics"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/212050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=212050"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/212050\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=212050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=212050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=212050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}