Kimsuky hackers use new recon tool to find security gaps (Security News, May 2023)
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach.
Previously, in August 2022, Kaspersky revealed another Kimsuky campaign targeting politicians, diplomats, university professors, and journalists in South Korea using a multi-stage target validation scheme that ensured only valid targets would be infected with malicious payloads.
After Microsoft disabled macros by default on downloaded Office documents, most threat actors switched to new file types in phishing attacks, such as ISO files and, more recently, OneNote documents.
"The ability of ReconShark to exfiltrate valuable information, such as deployed detection mechanisms and hardware information, indicates that ReconShark is part of a Kimsuky-orchestrated reconnaissance operation that enables subsequent precision attacks, possibly involving malware specifically tailored to evade defenses and exploit platform weaknesses," warned SentinelOne.
Another capability of ReconShark is fetching additional payloads from the command-and-control (C2) server, which can give Kimsuky a stronger foothold on the infected system.