SmokeLoader Malware Targets Taiwan; Kimsuky Hackers Use Corrupted Office Docs and Russian Emails for Credential Theft

Recent cybersecurity reports indicate a resurgence of the SmokeLoader malware, which is now targeting manufacturing and IT sectors in Taiwan. Additionally, the North Korean hacking group Kimsuky has adopted new tactics, utilizing Russian email services to disguise phishing attacks aimed at credential theft. These campaigns have been noted for their use of corrupted Microsoft Office documents and ZIP files, which allow them to evade traditional email defenses and antivirus software. Experts have highlighted that this method of using corrupted files is a novel strategy to bypass security measures, posing a significant threat to organizations. Furthermore, a separate spear-phishing campaign has been identified, targeting tech executives through DocuSign emails.