This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Cyber attack on International Criminal Court in The Hague; Hackers stole sensitive docs
September 20, 2023
The International Criminal Court (ICC) in The Hague fell victim to a cyber attack last week, the court confirmed in a statement after reporting by NOS. A source told the broadcaster that the hackers gained access to a large number of sensitive documents, but an ICC spokesperson would not confirm that. The spokesperson told NOS that ...
- New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
September 19, 2023
Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the ...
- CISA Releases Four Industrial Control Systems Advisories
September 19, 2023
CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Exploited Vulnerability to Catalog
- Ransomware Attacks on Gaming Industry – A CISO Perspective
September 19, 2023
The gaming industry is experiencing a surge in cyber attacks because of its vast reservoirs of sensitive customer information, financial transactions, and interconnected operations. Zscaler’s ThreatLabz threat research team reported earlier this year that ransomware attacks had grown 37% overall year-over-year, with the average cost of an attack reaching a whopping $5.3M. The Department of Homeland ...
- Ransomware site claims to have stolen Auckland Transport data
September 19, 2023
A dark web ransomware site is claiming to have data stolen from Auckland Transport, a cyber threat analyst says. The transport agency was the victim of a cyber attack last week, which brought down the city’s ticket payment system. AT said no customer data has been compromised in the attack. A dark web ransomware site is ...
- Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says
September 19, 2023
Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said. David Bradbury, chief security officer of the identity management company Okta, said five of the company’s clients, including ...