North Korean cyberspies target govt officials with custom malware (Security News, November 2021)
A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns.
The phishing emails sent by TA406 commonly use lures about nuclear safety, politics, and Korean foreign policy, and the campaigns have targeted high-ranking elected officials among other recipients.
Starting in January 2021, TA406 began dropping malware payloads via phishing emails leading to 7z archives.
In June 2021, TA406 began deploying a custom malware downloader named 'FatBoy,' which was delivered to the victim through an HTML attachment and written to disk from there.
A notable payload fetched by FatBoy is 'YoreKey,' a custom Windows keylogger that masquerades as MetaTrader 4 Manager, a component of a legitimate electronic trading platform, to blend in on the compromised host.
Given the wide range of malicious activity conducted by TA406 and the broader Kimsuky group, further attacks on behalf of the North Korean government should be expected.
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- North Korean Hackers Target macOS Using Flutter-Embedded Malware