This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Tech giant Fujitsu says it was hacked, warns of data breach
March 18, 2024
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be ...
- Russia foiled 280,000 DDoS cyberattacks against remote electronic voting system
March 17, 2024
Speaking at a news conference in Moscow, Ella Pamfilova, head of Russia’s Central Election Commission, said that the overall turnout in the presidential election as of 3:45 p.m. Moscow time (1245GMT), taking into account remote electronic voting, is 70.81%. Pamfilova also said that about 280,000 DDoS cyberattacks against remote electronic voting had been foiled, including 215,000 ...
- UK: NHS Dumfries and Galloway hit by cyber attack with ‘significant quantity’ of data at risk
March 15, 2024
NHS Dumfries and Galloway has been hit by a cyber attack, with the health board saying a “significant quantity” of data has been put at risk and services could potentially be disrupted. In a statement posted to its website on Friday, the board said the attack was “focused and ongoing” and the files accessed could include ...
- Ransomware’s appetite for US healthcare sees known attacks double in a year
March 15, 2024
Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. Described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind against the US health care system in history,” the attack ...
- Member of LockBit ransomware group sentenced to 4 years in prison
March 14, 2024
A dual Canadian-Russian national has been sentenced to four years in prison for his role in infecting more than 1,000 victims with the LockBit ransomware and then extorting them for tens of millions of dollars. Mikhail Vasiliev, a 33-year-old who most recently lived in Ontario, Canada, was arrested in November 2022 and charged with conspiring to ...
- A patched Windows attack surface is still exploitable
March 14, 2024
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is ...