This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Cyber attack targets Medical Aid for Palestinians’ website amid Israel-Hamas conflict
October 13, 2023
In the midst of the ongoing conflict between Israel and Hamas, the Medical Aid for Palestinians organisation has reported a cyber attack on their website, which has disrupted their relief efforts for Gaza. They have also issued a warning that their website may go offline due to these disruptions. Taking to X (formerly Twitter), they posted ...
- Update now! Atlassian Confluence vulnerability is being actively exploited
October 12, 2023
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had “zero days” to patch the flaw. The vulnerability has since ...
- Akira ransomware overview
October 12, 2023
Akira is a relatively new ransomware variant with Windows and Linux versions that came out in April 2023. Like many attackers, the gang behind this variant only uses the ransomware to encrypt files after first breaking into a network and stealing data. This group also employs a double extortion tactic, demanding a ransom from victims ...
- CISA Releases Nineteen Industrial Control Systems Advisories
October 12, 2023
CISA released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP products ICSA-23-285-02 Siemens SCALANCE W1750D ICSA-23-285-03 Siemens SICAM A8000 Devices Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- ToddyCat: Keep calm and check logs
October 12, 2023
ToddyCat is an advanced APT actor that Kaspersky researchers described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Kaspersky first publication was focused on their main tools, Ninja Trojan and Samurai Backdoor, and ...
- India’s Bank of Baroda expose worsens: Agents steal money from accounts
October 12, 2023
India’s Bank of Baroda made it simple and easy for its agents to steal money from the accounts of its customers. And some of them did steal 2.2 million rupees ($27,000) from 362 customers, internal audit reports and records of the bank have revealed. The audits come after an expose by The Reporters’ Collective (TRC) and ...