The nation-state cybercriminal organization associated with North Korea, referred to as Kimsuky, has been spotted executing spear-phishing campaigns to deploy an information theft malware called forceCopy, based on recent discoveries from the AhnLab Security Intelligence Center (ASEC).
These assaults initiate with phishing emails that include a Windows shortcut (LNK) file masquerading as a Microsoft Office or PDF document.