Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
Security News, June 2021
A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information.
Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Ministry of Foreign Affairs, the Ambassador of the Embassy of Sri Lanka to the State, an International Atomic Energy Agency Nuclear Security Officer, and the Deputy Consul General at the Korean Consulate General in Hong Kong.
Believed to be operating on behalf of the North Korean regime, Kimsuky has a track record of singling out South Korean entities while expanding their victimology to the U.S., Russia, and various nations in Europe.
Social engineering is a core component of its operations: the goal is to deliver a malware dropper, in the form of a ZIP archive attached to the emails, which ultimately leads to the deployment of an encoded DLL payload called AppleSeed, a backdoor that Kimsuky has used since at least 2019.
"Besides using the AppleSeed backdoor to target Windows users, the actor also has used an Android backdoor to target Android users," Jazi noted.
"The Android backdoor can be considered as the mobile variant of the AppleSeed backdoor. It uses the same command patterns as the Windows one. Also, both Android and Windows backdoors have used the same infrastructure."
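The infection chain described above starts with a ZIP attachment that carries a DLL dropper. The following script is an added example, not code from the article or from Malwarebytes: it shows how a mail gateway or IR analyst might triage such an attachment by opening the archive in memory, checking each member for a cleartext PE image (and whether the COFF characteristics mark it as a DLL), and separately flagging members whose extension is executable even when the content is not a recognisable PE, which is the case for an encoded payload. The sample archive, its member names (`payload_placeholder.dll` and similar) and the minimal PE builder are all constructed here for the demonstration and bear no relation to real AppleSeed artifacts.

```python
import io
import struct
import zipfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL image
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".js", ".vbs", ".hta", ".lnk"}


def classify_pe(data: bytes):
    """Return 'dll', 'exe', or None when the bytes are not a cleartext PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew -> "PE\0\0"
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def triage_zip(zip_bytes: bytes):
    """Classify every file inside a ZIP attachment; returns (member name, verdict) pairs."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not-a-zip")]
    findings = []
    for info in archive.infolist():
        if info.is_dir():
            continue
        content = archive.read(info)  # cap the size in production to avoid zip bombs
        kind = classify_pe(content)
        ext = "." + info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
        if kind:
            verdict = f"pe-{kind}"            # cleartext executable, regardless of name
        elif ext in RISKY_EXTENSIONS:
            verdict = "risky-extension"       # e.g. an encoded DLL not yet decodable as PE
        else:
            verdict = "ok"
        findings.append((info.filename, verdict))
    return findings


def should_quarantine(findings) -> bool:
    """Hold the message when any member of the archive is anything other than 'ok'."""
    return any(verdict != "ok" for _, verdict in findings)


def build_fake_pe(is_dll: bool) -> bytes:
    """Constructed minimal PE-like image (DOS header + PE signature + COFF header), test data only."""
    pe_off = 0x40
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, pe_off)
    characteristics = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)  # EXECUTABLE_IMAGE [| DLL]
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\x00\x00" + coff


def build_sample_attachment() -> bytes:
    """Constructed ZIP mimicking a decoy-document-plus-dropper lure; all names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", b"constructed benign text")
        z.writestr("dropper_placeholder.exe", build_fake_pe(is_dll=False))
        z.writestr("payload_placeholder.dll", build_fake_pe(is_dll=True))
        z.writestr("encoded_placeholder.dll", b"\x13\x37" * 40)  # not a cleartext PE
    return buf.getvalue()


if __name__ == "__main__":
    results = triage_zip(build_sample_attachment())
    for name, verdict in results:
        print(f"{name:28} {verdict}")
    print("quarantine:", should_quarantine(results))
```

The two-tier verdict matters for this campaign: a dropper that ships its DLL in encoded form will not match the PE check, so the extension rule is what catches it, while the PE check catches executables renamed to look like documents.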