This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- An overview of the new Rhysida ransomware targeting the Healthcare sector
August 9, 2023
On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro reaseachers will provide details on Rhysida, including its targets and what they know about its infection ...
- Attackers Distribute Malware via Freeze.rs And SYK Crypter
August 9, 2023
FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx. FortiGuard Labs analysis also revealed a significant increase in injector ...
- Personal data of at least 26,212 people accessed in ransomware attack, Dallas tells state
August 9, 2023
Computer hackers accessed the personal information of at least 26,212 Texans in the recent ransomware attack on the city of Dallas, according to an official disclosure made public Monday on the Texas attorney general’s web site, three months after the breach. The city’s notice to the attorney general’s office says the data breach included names, addresses, ...
- Paracetamol maker Granules India’ Q1 profit hurt by cyber attack disruptions
August 9, 2023
Granules India Ltd the maker of paracetamol and ibuprofen pain relievers, reported a 62.5% fall in first-quarter profit on Wednesday, as a cyber security incident significantly disrupted operations. The generic drug maker’s consolidated net profit tumbled to 478.9 million rupees ($5.8 million) in the April-June quarter, from 1.27 billion rupees a year earlier. Granules faced a ...
- Northern Ireland: Major data breach identifies thousands of police officers and civilian staff
August 8, 2023
The Police Service of Northern Ireland (PSNI) has apologised for mistakenly revealing details of all its 10,000 staff. NI’s Police Federation said the breach could cause “incalculable damage”. In response to a Freedom of Information (FoI) request, the PSNI had shared names of all police and civilian personnel, where they were based and their roles. The ...
- UK Elections watchdog targeted by cyber attack which left voters’ details exposed
August 8, 2023
Details of tens of millions of voters could have been accessed by hackers who targeted the elections watchdog. The Electoral Commission revealed on Tuesday it was targeted by a cyber attack which allowed “hostile actors” to access electoral registers. The hack allowed the attackers to access reference copies of electoral registers which contained the name and addresses ...