LNK - Cybersec Sentinel

LNK

A collection of 3 posts

MoonPeak and the Growing Sophistication of DPRK Intrusions

MoonPeak and the Growing Sophistication of DPRK Intrusions

Threat Group UAT-5394 with strong tactical overlap to Kimsuky Threat Type Remote Access Trojan derived from XenoRAT delivered via weaponised LNK files and PowerShell droppers Exploited Vulnerabilities Windows LNK execution trust abuse, PowerShell execution policy bypass, LOTS and LOLBins abuse, trusted cloud and code hosting platforms Malware Used MoonPeak RAT

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

$Threat Group: Gamaredon (a.k.a. Primitive Bear, UAC‑0010/UAC‑0184, Hive0156) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: LNK shortcut execution, mshta abuse, PowerShell scripting, DLL sideloading Malware Used: Remcos RAT v6.0.0 Pro Threat Score: 🔴 High (7.5/10) – Due to fileless in-memory execution, sophisticated

Christmas-Themed LNK Files Used for Malware Delivery

Christmas-Themed LNK Files Used for Malware Delivery

Threat Group: Various Cybercriminal Entities Threat Type: Malware Delivery via LNK Files Exploited Vulnerabilities: Abuse of Windows LNK File Functionality Malware Used: Emotet, Ursnif, Qakbot, IcedID Threat Score: High (8.5/10) – Due to the deceptive nature of LNK files masquerading as legitimate documents, increased holiday-themed phishing campaigns, and the