Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Summary by IT Security News - Cybersecurity, Infosecurity News
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file (“250908_A_HK이노션 This article has been indexed from The Hacker News Read …
DisclaimerThis story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.

5 Articles

ts2.techts2.tech

North Korea’s ‘HttpTroy’ Backdoor Exposed – Inside the Stealth Hack Shaking Cybersecurity and Stocks

Kimsuky’s “HttpTroy” – A Fake VPN Invoice with a Real Backdoor A new threat actor playbook has emerged from North Korea’s shadowy cyber-espionage operations. In early November 2025, researchers revealed that the DPRK-linked group Kimsuky (aka Velvet Chollima or Thallium) deployed a previously unknown malware dubbed “HttpTroy.” The twist? Kimsuky’s hackers delivered this backdoor under the guise of an innocuous VPN invoice email webpronews.com. T…

Read Full Article
unsafe.shunsafe.sh

A New Httptroy Backdoor Program Launched a Targeted Cyberattack Against South Korea.

The article describes the cause of error code 521 and its impact on website access, pointing out that the problem is usually caused by abnormal server connections or network configuration errors.

Read Full Article
WebProNewsWebProNews

North Korean Kimsuky Deploys HttpTroy Backdoor in VPN Phishing Attacks

In the shadowy world of state-sponsored cyber espionage, a new threat has emerged that underscores the evolving tactics of North Korean hackers. Cybersecurity researchers have uncovered a sophisticated backdoor malware dubbed HttpTroy, which masquerades as an innocuous VPN invoice to infiltrate systems in South Korea. This campaign, attributed to the notorious Kimsuky group, highlights how attackers are leveraging everyday business lures to achi…

Read Full Article
The Hacker NewsThe Hacker News
Reposted by
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • There is no tracked Bias information for the sources covering this story.

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Monday, November 3, 2025.
Sources are mostly out of (0)

Similar News Topics

Stock Markets icon

Stock Markets

South Korea icon

South Korea

South Korea Economy icon

South Korea Economy

News
For You
SearchBlindspotLocal