This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix
March 8, 2024
VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or ...
- Belgium’s largest coffee roaster falls victim to cyber attack
March 8, 2024
Coffee Beyers from the Belgian town of Puurs-Sint-Amands has fallen victim to a cyber attack. Hackers managed to break into the company’s computer systems on Thursday. Cybercriminals are clearly targeting Belgian beverage producers this week. During the night from Tuesday to Wednesday, brewery Duvel Moortgat found traces of a break-in on its servers. Read more… Source: Techzine
- PetSmart warns customers of credential stuffing attack
March 7, 2024
Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to ...
- U.S. Army Intelligence Analyst Arrested and Charged with Conspiracy to Obtain and Disclose National Defense Information
March 7, 2024
Korbein Schultz, a U.S. Army soldier and intelligence analyst, was arrested today at Fort Campbell following an indictment by a federal grand jury charging him with conspiracy to obtain and disclose national defense information, exporting technical data related to defense articles without a license, conspiracy to export defense articles without a license, and bribery of ...
- Jersey data breach leaks personal information
March 7, 2024
A data breach at Jersey’s Financial Services Commission has allowed access to non-public names and addresses. The organisation confirmed a “vulnerability” was detected in its Registry system on 23 January. It said the leak did not link any individuals to registered entities or roles held and that it had separately written to those whose names and addresses ...
- Insurance giant Fidelity hit by data breach
March 6, 2024
Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023. The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after ...