![iFixit Tears Down New M4 MacBook Air [Video]](https://www.iclarified.com/images/news/96717/96717/96717-640.jpg)
![Apple Officially Announces Return of 'Ted Lasso' for Fourth Season [Video]](https://www.iclarified.com/images/news/96710/96710/96710-640.jpg)
![[Update: Fix] Chromecast (2nd gen) and Audio can’t Cast in ‘Untrusted’ outage](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2019/08/chromecast_audio_1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
.jpg?#)
Hackers Trick You To Run PowerShell As Admin & Paste Their Code to Hack Windows
Microsoft Threat Intelligence has uncovered a new tactic employed by the North Korean state-sponsored hacking group Emerald Sleet, also known as Kimsuky or VELVET CHOLLIMA. The group is leveraging social engineering techniques to trick victims into running PowerShell commands as administrators, enabling them to compromise devices and exfiltrate sensitive data. Emerald Sleet’s latest approach involves […] The post Hackers Trick You To Run PowerShell As Admin & Paste Their Code to Hack Windows appeared first on Cyber Security News.
Microsoft Threat Intelligence has uncovered a new tactic employed by the North Korean state-sponsored hacking group Emerald Sleet, also known as Kimsuky or VELVET CHOLLIMA.
The group is leveraging social engineering techniques to trick victims into running PowerShell commands as administrators, enabling them to compromise devices and exfiltrate sensitive data.
Emerald Sleet’s latest approach involves impersonating South Korean government officials to build trust with their targets over time.
Once rapport is established, the hackers send spear-phishing emails containing PDF attachments. These emails direct victims to click on a URL under the guise of registering their devices to access the attached document.
“To read the PDF file attached to the email, the target is lured to click a URL with instructions to register their device. The registration link has instructions to open PowerShell as an administrator and paste code provided by Emerald Sleet.” Microsoft Stated in X post.
The registration process includes explicit instructions for opening PowerShell as an administrator and pasting in code provided by the attackers.
If executed, the code installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server.
Device Registration and Exploitation
After installing the malicious tools, the code sends a web request to a remote server, registering the victim’s device using the downloaded certificate and PIN.
This grants Emerald Sleet unauthorized access to the compromised system, allowing them to conduct espionage and steal sensitive information.
Microsoft reports that this tactic has been observed in limited attacks since January 2025, signaling a shift in Emerald Sleet’s methods for targeting traditional espionage victims.
The group primarily focuses on individuals working in international affairs particularly those related to Northeast Asia as well as NGOs, government agencies, media outlets, and other organizations across North America, South America, Europe, and East Asia.
Microsoft is actively notifying customers who have been targeted or compromised by this activity. The company’s Defender XDR platform is capable of detecting Emerald Sleet’s tactics. To counter such threats, Microsoft recommends:
- Investing in advanced anti-phishing solutions to detect and block malicious emails.
- Training users on recognizing phishing attempts and avoiding suspicious URLs.
- Applying attack surface reduction rules to block common attack techniques like malicious scripts.
This incident underscores the importance of vigilance against evolving cyber threats, particularly those targeting high-value individuals and organizations involved in sensitive international matters.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Hackers Trick You To Run PowerShell As Admin & Paste Their Code to Hack Windows appeared first on Cyber Security News.
