Prevailion, a Maryland-based cybersecurity firm, has identified a hacking group with ties to North Korea targeting U.S. entities that discuss nuclear deterrence, North Korea’s nuclear submarine program, and economic sanctions on the North Korean regime.
The hacking group has started placing its malware in obscure file formats, namely Kodak FlashPix (FPX) files, to evade antivirus detection products. The FPX files are embedded in Microsoft Word documents sent to victims and are then launched via macro commands. Prevailion links this activity, with moderate confidence, to a group known as Kimsuky or Smoke Screen.