Security News > 2023 > May > North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
The North Korean advanced persistent threat group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation.
"Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a report published today.
The ongoing targeted campaign, per the cybersecurity firm, is primarily geared towards information services as well as organizations supporting human rights activists and North Korean defectors.
RandomQuery, alongside FlowerPower and AppleSeed, are among the most frequently distributed tools in Kimsuky's arsenal, with the former functioning as an information stealer and a conduit for distributing remote access trojans like TutRAT and xRAT. The attacks begin with phishing emails that purport to be from Daily NK, a prominent Seoul-based online publication that covers North Korean affairs, to entice potential targets into opening a Microsoft Compiled HTML Help file.
It's worth noting at this stage that CHM files have also been adopted as a lure by a different North Korean nation-state actor referred to as ScarCruft.
"These incidents underscore the ever-changing landscape of North Korean threat groups, whose remit not only encompasses political espionage but also sabotage and financial threats."
News URL
https://thehackernews.com/2023/05/north-korean-kimsuky-hackers-strike.html
Related news
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)