N. Korean Hacking Group Has New Malware

North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years. New research from Kaspersky says the North Korean threat actor known as Kimsuky has devoted "significant resources" to improving its capabilities and has been attacking governments. The Israeli cyber defense company Cybereason also says it has discovered new malware and spyware being used by Kimsuky.

Kimsuky has spied on governments and private entities in the US, Europe, Japan, South Korea and Russia. Now researchers have discovered new North Korean malware being used to drive information-stealing attacks against COVID-19 vaccine makers, human rights activists and other targets.

Kimsuky has been using new malware in attacks on government agencies and human rights activists.
The attackers, also known as Black Banshee, Velvet Chollima and Thallium, seem to have been active since at least 2012. Previously they mainly targeted think tanks in South Korea, but more recently they have expanded operations to attack the US, Europe and Russia.

In a newly published report, Cybereason provides details on two new malware families associated with Kimsuky: a previously undocumented modular spyware called KGH, and a new malware downloader called CSPY Downloader.

KGH is spread via weaponised Word documents attached to phishing emails and contains multiple spyware modules. Recipients are encouraged to open the attachment, which purports to contain either an interview with a North Korean defector or a letter addressed to the former Japanese Prime Minister, Shinzo Abe.

The new malware has already been used in attacks targeting government agencies and human rights activists. Alongside COVID-19 vaccine makers, the group has apparently targeted the UN Security Council, South Korean government, research institutes, think tanks, journalists and the military.

The malware helps attackers determine whether the target system is open to compromise, and allows them to deploy additional payloads. The new tools share code with an earlier Kimsuky malware that the hackers used in previous attacks.

The malware performs keylogging, downloads additional payloads and executes arbitrary code, in addition to stealing information from applications such as Chrome, Edge, Firefox, Opera, Thunderbird and WinSCP.

CSPY Downloader runs a series of checks to determine whether a debugger is present on the targeted system, so that it can avoid running under analysis. The document that drops the downloader performs similar checks.

Investigation into the new malware reveals that the attackers modified the creation/compilation timestamps of their new tools so that they appear to have been created in 2016. "The threat actors invested efforts in order to remain under the radar, by employing various anti-forensics and anti-analysis techniques which included backdating the creation/compilation time of the malware samples to 2016, code obfuscation, anti-VM and anti-debugging techniques...report, some of the samples mentioned in the report are still not detected by any AV vendor," Cybereason says.
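Backdated compile timestamps are a cheap trick, but they are also easy to surface during triage because the PE header's TimeDateStamp can be compared against when a sample was first seen. The script below is an added example (not the article's or Cybereason's code): it reads the COFF TimeDateStamp directly from the PE header with no third-party dependency, builds a constructed minimal PE in memory to exercise the check, and flags placeholder values, timestamps in the future, and timestamps that predate the first sighting by more than a tolerance you choose (the one-year default is an assumption, not something the report states).

```python
import struct
from datetime import datetime, timedelta, timezone


def pe_compile_timestamp(data: bytes) -> int:
    """Return the raw COFF TimeDateStamp (seconds since the Unix epoch) of a PE image.

    Only the fields needed are parsed: the 'MZ' magic, e_lfanew at offset 0x3C,
    the 'PE\\0\\0' signature, and TimeDateStamp 8 bytes into the COFF file header
    (after Machine and NumberOfSections).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def assess_timestamp(data: bytes, first_seen: datetime,
                     backdate_tolerance: timedelta = timedelta(days=365)) -> list:
    """Compare the compile timestamp with the date the sample was first observed.

    Returns a list of human-readable findings; an empty list means nothing odd.
    first_seen must be timezone-aware (UTC). The tolerance is an analyst-chosen
    assumption: legitimate software is often older than a year, so treat a
    'backdated' finding as a prompt to look closer, not as proof of tampering.
    """
    raw = pe_compile_timestamp(data)
    findings = []
    # Some toolchains write 0 or 0xFFFFFFFF instead of a real build time.
    if raw in (0, 0xFFFFFFFF):
        findings.append("placeholder timestamp 0x%08x" % raw)
    compiled = datetime.fromtimestamp(raw, tz=timezone.utc)
    if compiled > first_seen + timedelta(days=1):
        findings.append("compile time %s is in the future relative to first sighting"
                        % compiled.date())
    elif first_seen - compiled > backdate_tolerance:
        findings.append("compile time %s predates first sighting by %d days: possible backdating"
                        % (compiled.date(), (first_seen - compiled).days))
    return findings


def build_minimal_pe(timestamp: int) -> bytes:
    """Construct a header-only PE image (not a real executable) for testing.

    Layout: 64-byte DOS header with e_lfanew = 0x40, followed by the 'PE\\0\\0'
    signature and a 20-byte COFF file header carrying the given TimeDateStamp.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<IHHIIIHH",
                       0x00004550,   # 'PE\0\0' signature, little-endian
                       0x014C,       # Machine: IMAGE_FILE_MACHINE_I386
                       0,            # NumberOfSections
                       timestamp,    # TimeDateStamp
                       0, 0,         # PointerToSymbolTable, NumberOfSymbols
                       0, 0)         # SizeOfOptionalHeader, Characteristics
    return bytes(dos) + coff


if __name__ == "__main__":
    # Constructed scenario: a sample first seen in late 2020 whose header claims a 2016 build.
    seen = datetime(2020, 11, 2, tzinfo=timezone.utc)
    sample = build_minimal_pe(int(datetime(2016, 3, 1, tzinfo=timezone.utc).timestamp()))
    for finding in assess_timestamp(sample, seen):
        print(finding)
```

On a real sample the same `assess_timestamp` call works on `open(path, "rb").read()`; the header parse is deliberately minimal so it also runs on truncated or partially corrupted files as long as the COFF header is intact.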

Sources: CERT-CISA, Israel Defense, Security Week, Cyberscoop, Infosecurity Magazine

