This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- China drafts ‘quantum-proof’ protocol to defend against advanced cyber attacks
October 30, 2024
Scientists from China are aiming to create a communication protocol which can help protect traditional encryption methods from quantum computer attacks. Chinese scientists recently presented a draft document at an internal event held in Sweden which showed their attempts at making a ‘quantum-proof’ communication protocol. Once ready, the protocol will help agencies and governments across the ...
- The Importance of Asset Context in Attack Surface Management.
October 30, 2024
This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of ...
- Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
October 29, 2024
The FBI is warning the public about scammers exploiting the 2024 US General election to perpetrate multiple types of financial fraud schemes. These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, ...
- Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
October 29, 2024
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard ...
- France: Free ISP announces data breach, millions of users possibly affected
October 29, 2024
One of the biggest internet service providers (ISP) in France has confirmed suffering a cyberattack that saw it lose sensitive customer data. A threat actor alias “drusselx” opened a new thread on the infamous Breach forums, advertising a major database for sale, claiming it contains data on 19.2 million Free customers, and holds more than 5.11 ...
- Hackers breach sensitive government and police data in Italy
October 28, 2024
Prosecutors in Milan have uncovered a network of hackers and former law enforcement officials accused of using malware and insider contacts to break into several government databases, including the Interior Ministry. The group allegedly accessed over 800,000 confidential records, even targeting accounts linked to the president’s office. Prosecutors said on Saturday that the operation was allegedly ...