Security News > 2023 > February > Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign.
The differentiating factor in the latest attacks is a shift to social engineering to trick users into visiting compromised websites related to North Korea, according to a new report from Trend Micro released last week.
Earth Kitsune is not the only threat actor to go after Japanese targets, for the cybersecurity company also detailed another intrusion set codenamed Earth Yako striking research organizations and think tanks in the country.
"The intrusion set introduced new tools and malware within a short period of time, frequently changing and expanding its attack targets," Trend Micro said, pointing out Earth Yako's modus operandi of "Actively changing their targets and methods."
The exact origins of Earth Yako remain unknown, but Trend Micro said it identified partial technical overlaps between the group and other threat actors like Darkhotel, APT10, and APT29.
"One of the characteristics of the recent targeted attacks is that they shifted to targeting the individuals considered to have relatively weak security measures compared to companies and other organizations," the company said.
- Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack (source)
- Hackers backdoor Windows devices in Sliver and BYOVD attacks (source)
- Defenders on high alert as backdoor attacks become more common (source)
- From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (source)