Comment: Cybereason Researchers Find New North Korean Malware Suite

On October 27th, 2020, US-CERT published a report summarizing Kimsuky's recent activities and describing the group's TTPs and infrastructure.

Combining the information in the report with the intelligence accumulated by Cybereason Nocturnus over time, the researchers discovered a previously undocumented modular spyware suite dubbed KGH_SPY that provides Kimsuky with stealth capabilities to carry out espionage operations.

In addition, Cybereason Nocturnus uncovered another new malware strain, dubbed CSPY Downloader, a sophisticated tool with extensive anti-analysis and evasion capabilities that lets the attackers determine whether "the coast is clear" before downloading additional payloads.

The full research is available here: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite

Chad Anderson, Research Engineer
November 3, 2020 12:00 pm

Cybereason's findings are concerning but not surprising: wherever there is valuable information, there will also be an attempt on the part of threat actors to get their hands on it for financial gain, or to leverage for further campaigns of cybercrime.

However, it is worth remembering that despite how effective this spyware might be at covering its tracks, it relies on the same entry vectors as most of the cyber threats currently populating the landscape. Email remains cybercriminals' avenue of choice for delivering malicious software, which is why there is really no excuse for organisations not to step up their anti-phishing measures. Education and technology should be working in concert to minimise the chances of human error. Cybersecurity awareness training and email filtering systems, but also DNS firewalling, are among the essentials that all security teams should put in place to ensure that they are prepared for this kind of attack.
