📢 Medium severity: Kimsuky APT targets South Korea with new HttpTroy backdoor, delivered via spear-phishing (fake VPN invoice ZIP). Multi-stage infection, advanced persistence (AhnlabUpdate task), obfuscation, C2 at load.auraria[.]org. Defend with EDR & phishing awareness. https://radar.offseq.com/threat/new-httptroy-backdoor-poses-as-vpn-invoice-in-targ-ff3cda7c #OffSeq #Phishing #ThreatIntel #Kimsuky