Security News > 2023 > May > N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign.

Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations, think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.

The latest intrusion set documented by SentinelOne leverages geopolitical themes related to North Korea's nuclear proliferation to activate the infection sequence.

These messages contain links to booby-trapped Microsoft Word documents hosted on OneDrive to deploy ReconShark, which chiefly functions as a recon tool to execute instructions sent from an actor-controlled server.

ReconShark is specifically designed to exfiltrate details about running processes, deployed detection mechanisms and hardware information, suggesting that data gathered from the tool is used to carry out "Precision attacks" involving malware tailored to the targeted environment in a manner that sidesteps detection.

"The ongoing attacks from Kimsuky and their use of the new reconnaissance tool, ReconShark, highlight the evolving nature of the North Korean threat landscape," SentinelOne said.

News URL

https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html