Security News > 2023 > February > Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign.
The differentiating factor in the latest attacks is a shift to social engineering to trick users into visiting compromised websites related to North Korea, according to a new report from Trend Micro released last week.
Earth Kitsune is not the only threat actor to go after Japanese targets, for the cybersecurity company also detailed another intrusion set codenamed Earth Yako striking research organizations and think tanks in the country.
"The intrusion set introduced new tools and malware within a short period of time, frequently changing and expanding its attack targets," Trend Micro said, pointing out Earth Yako's modus operandi of "Actively changing their targets and methods."
The exact origins of Earth Yako remain unknown, but Trend Micro said it identified partial technical overlaps between the group and other threat actors like Darkhotel, APT10, and APT29.
"One of the characteristics of the recent targeted attacks is that they shifted to targeting the individuals considered to have relatively weak security measures compared to companies and other organizations," the company said.
News URL
https://thehackernews.com/2023/02/north-korean-cyber-espionage-group.html
Related news
- GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities (source)
- How Lazarus Group built a cyber espionage empire (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign (source)