FPSpy and KLogEXE: Kim Jong-un's Digital Slaves' New Weapon

Researchers have uncovered new techniques of North Korean cyberspies.

Researchers from Palo Alto Networks have documented fresh activity by the North Korean hacker group Kimsuky, which used two new malware samples in its attacks: KLogEXE and FPSpy. Experts say that these programs expand the group's arsenal, demonstrating its evolution and growing capabilities.

The Kimsuky group, also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, and Velvet Chollima, has been operating since 2012 and specializes in spear phishing — sending malicious emails under the guise of messages from trusted sources.

According to Assaf Dahan, director of threat research at Palo Alto Networks, the new malware is distributed primarily through phishing attacks. The attackers use carefully crafted emails whose content prompts the victim to open a ZIP file in which the malicious files are hidden. Once those files are launched, an infection chain is activated that eventually leads to the download of KLogEXE and FPSpy.

KLogEXE is a C++ version of the InfoKey keylogger that was previously spotted in a Kimsuky campaign against Japanese organizations. FPSpy is a variant of the backdoor first discovered in 2022 by ASEC, with features similar to the KGH_SPY malware described by Cybereason in 2020.

Both malware families are equipped with functions to collect data about the applications running on the infected device, intercept keystrokes and mouse clicks, and gather system information. FPSpy is also capable of downloading and executing additional payloads, running arbitrary commands, and enumerating drives, folders, and files on the infected device.

Unit 42 researchers found similarities in the source code of KLogEXE and FPSpy that point to a common developer. The main targets of the current Kimsuky campaign are organizations in Japan and South Korea, and according to Dahan, the activity is highly targeted, affecting only certain countries and industries.

The continuous improvement of hacker groups underscores the need for continuous learning and adaptation of protective measures. As in nature, where predators and prey evolve together, there is a constant race between attackers and defenders in the digital space. Only by understanding this dynamic and investing in the development of security skills and technologies will organizations be able to protect themselves.
