DPRK-Related Campaigns with LNK and GitHub C2

FortiGuard Labs recently detected a series of LNK files targeting users in South Korea. These attacks use a multi-stage scripting process and leverage GitHub as Command and Control (C2) infrastructure to evade detection. Although these LNK files can be traced back to 2024, earlier versions had less obfuscation and contained significant metadata, allowing us to track similar attacks spreading the XenoRAT malware.

Pulse ID: 69cfceee4f7a6c4305b3d1a4
Pulse Link: https://otx.alienvault.com/pulse/69cfceee4f7a6c4305b3d1a4
Pulse Author: AlienVault
Created: 2026-04-03 14:30:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DPRK #FortiGuard #FortiGuardLabs #GitHub #InfoSec #Korea #LNK #Malware #OTX #OpenThreatExchange #RAT #SouthKorea #bot #AlienVault

LevelBlue - Open Threat Exchange
