Security News > 2022 > February > Kimsuki hackers use commodity RATs with custom Gold Dragon malware
South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon.
A sophisticated threat actor may choose to use commodity RATs because, for basic reconnaissance operations, these tools are perfectly adequate and don't require much configuration.
Commodity RATs blend in with activity from a broad spectrum of threat actors, making it harder for analysts to attribute malicious activity to a particular group.
Gold Dragon is a second-stage backdoor that Kimsuky typically deploys after a file-less PowerShell-based first-stage attack that leverages steganography.
"The attacker installed Gold Dragon through the exclusive installer. The installer downloads Gold Dragon compressed in the form of a Gzip file from the attacker's server, decompresses it as"in.
" - ASEC. Next, the installer adds a new registry key to establish startup persistence for the malware payload. Finally, Kimsuky drops an uninstaller that can delete the traces of compromise if and when needed.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)