New Kimsuky Module Makes North Korean Spyware More Powerful (Security News, November 2020)
A week after the US government issued an advisory about a "Global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities.
The APT, dubbed "Kimsuky" and believed to have been active since as early as 2012, has now been linked to as many as three previously undocumented malware families, including an information stealer, a tool equipped with anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework.
In recent months, Kimsuky has been attributed to a number of campaigns using coronavirus-themed email lures containing weaponized Word documents as their infection vector to gain a foothold on victim machines and launch malware attacks.
Now, according to Cybereason, the threat actor has acquired new capabilities via a modular spyware suite called "KGH SPY," allowing it to carry out reconnaissance of target networks, capture keystrokes, and steal sensitive information.
Lastly, Cybereason researchers unearthed a new toolset infrastructure registered between 2019 and 2020 that overlaps with the group's BabyShark malware, previously used to target US-based think tanks.