N. Korean Hacking Group Has New Malware

North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years. New research from Kaspersky says the North Korean threat actor called Kimusky, have devoted “significant resources” to improving their capabilities and have been attacking governments.  The  Israeli cyber defense company Cybereason also says that it has discovered new malware and spyware also being used  Kimusky. 

Kimusky has spied on governments and private entities in the US, Europe, Japan, South Korea and Russia. Now the researchers have discovered new North Korean malware being used to drive information-stealing attacks against COVID-19 vaccine makers, human rights and other targets.

Kimsuky has been using some new malware in attacks on government agencies and human rights activists.
The attackers, which are also known as Black Banshee, Velvet Chollima, and Thallium, seems to have been active since at least 2012. Previously they mainly targeting think tanks in South Korea, but more recently they have expanded operations to attack the US, Europe, and Russia.

In a newly published Report, Cybereason provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH, and a new malware downloader called CSPY Downloader. 

KGH is spread via weaponised Word documents in phishing emails and containing multiple spyware modules. Recipients are encouraged to open the attachment, which purports to contain either an interview with a North Korean defector or a letter addressed to former Japanese Prime Minister, Shinzo Abe.

The new malware has already been used in attacks targeting government agencies and human rights activists. Alongside COVID-19 vaccine makers, the group has apparently targeted the UN Security Council, South Korean government, research institutes, think tanks, journalists and the military.

The malware helps attackers determine whether the target system is open to be compromise, and allows them to deploy additional payloads.The new tools show coding to be similar to an earlier Kimsuky malware that the hackers have used in earlier attacks. 

The hacking malware performs keylogging, download additional payloads, and execute arbitrary code, in addition to stealing information from applications such as Chrome, Edge, Firefox, Opera, Thunderbird, and Winscp. 

CSPY Downloader runs a series of checks to determine if a form of debugger is present in the targeted system. Also the document that drops the downloader performs similar checks.

Investigation into the new malware reveals that the attackers modified the creation/compilation timestamps of their new tools, to appear they were created in 2016. “The threat actors invested efforts in order to remain under the radar, by employing various anti-forensics and anti-analysis techniques which included backdating the creation/compilation time of the malware samples to 2016, code obfuscation, anti-VM and anti-debugging techniques...report, some of the samples mentioned in the report are still not detected by any AV vendor,” Cybereason say.

CERT-CISA:         Israel  Defense:        Security Week:        Cyberscoop:           Infosecurity Magazine:

You Might Also Read: 

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Game-Changing Cyber Security Technology
Using Artificial Intelligence In Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

Deductive Labs

Deductive Labs

Deductive Labs consulting services help customers with their technology, security and automation challenges.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

Sheelds

Sheelds

Sheelds (formerly Arilou) was founded in 2012 with the mission of developing cyber-security technologies for automotive environments.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Sentor Managed Security Services

Sentor Managed Security Services

Sentor Managed Security Services is a cybersecurity company that enables organizations to exist in a digitally connected world.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.