
How 'Kimsuky' hackers ensure their malware only reaches valid targets
2022-08-25 22:33

The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are downloaded only by intended victims and not by the systems of security researchers.

According to a Kaspersky report published today, the threat group has been employing new techniques to filter out invalid download requests since the start of 2022, when the group launched a new campaign against various targets on the Korean peninsula.

The new safeguards implemented by Kimsuky are so effective that Kaspersky reports being unable to acquire the final payloads even after successfully connecting to the threat actor's command and control (C2) server.

Kaspersky was able to compile a list of potential targets thanks to retrieved C2 scripts containing partial email addresses of targets.
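As an added illustration (not code from the Kaspersky report and not the actor's own scripts), the Python below models the two points the article makes: a C2 script that embeds partial email addresses of its intended victims and serves the real payload only to a request carrying a matching identifier, and the analyst-side step of pulling that target list back out of a retrieved script. The PHP-like script text, the `id` query parameter, the address list and every function name are constructed assumptions for this example; the real Kimsuky scripts are not reproduced here.

```python
"""Model of victim-gated payload delivery (added example, not the actor's code).

Only the behaviour the article describes is mimicked: a first-stage C2 script
that holds partial email addresses of intended victims and refuses the real
payload to anyone else. All names, parameters and script text are constructed.
"""
import re

# Constructed stand-in for a retrieved first-stage C2 script (PHP-like text).
# It is NOT a real Kimsuky script; it exists so the parser below has input.
CONSTRUCTED_C2_SCRIPT = r'''<?php
// constructed gate script for illustration only
$targets = array("kim.j@", "park_s@", "lee.h@");
$id = isset($_GET["id"]) ? $_GET["id"] : "";
if (!in_array($id, $targets)) { readfile("decoy.docx"); exit; }
readfile("stage2.bin");
?>'''

# A quoted local part ending in "@" with no domain, i.e. a partial address.
PARTIAL_EMAIL_RE = re.compile(r'"([A-Za-z0-9._%+-]+@)"')


def extract_partial_emails(script_text: str) -> list[str]:
    """Recover the partial victim addresses embedded in a C2 script.

    This is the analyst-side step: the article says Kaspersky built its list
    of potential targets from exactly this kind of embedded data.
    """
    found = PARTIAL_EMAIL_RE.findall(script_text)
    # De-duplicate while preserving order of first appearance.
    return list(dict.fromkeys(found))


def gate_request(query: dict[str, str], targets: list[str]) -> str:
    """Model the server-side decision.

    Returns 'payload' when the request's id is on the victim list and 'decoy'
    for everyone else (sandboxes, researchers, replayed URLs).
    """
    victim_id = query.get("id", "")
    if victim_id and victim_id in targets:
        return "payload"
    return "decoy"


def simulate(script_text: str) -> dict[str, str]:
    """Run three constructed requests against the gate and report outcomes."""
    targets = extract_partial_emails(script_text)
    cases = {
        "victim": {"id": "park_s@"},           # listed target
        "researcher_no_id": {},                # URL replayed without the id
        "researcher_wrong_id": {"id": "analyst@"},  # id not on the list
    }
    return {name: gate_request(q, targets) for name, q in cases.items()}


if __name__ == "__main__":
    for name, outcome in simulate(CONSTRUCTED_C2_SCRIPT).items():
        print(f"{name:>20}: {outcome}")
```

The practical consequence for defenders is the one the article reports: fetching a C2 URL from a sandbox or analyst machine without the victim-specific parameter yields only the decoy, so a benign-looking response from the server does not mean the infrastructure is benign. When the original lure is available, the parameters it passed to the C2 are what let an analyst reproduce the victim's view.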

"The author's intent here is to operate a dedicated fake blog for each victim, thereby decreasing the exposure of their malware and infrastructure."

Kimsuky is a sophisticated threat actor that was recently seen deploying custom malware and using Google Chrome extensions to steal emails from victims.


News URL

https://www.bleepingcomputer.com/news/security/how-kimsuky-hackers-ensure-their-malware-only-reach-valid-targets/