This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- TSMC discloses data breach from LockBit-claimed attack against third party
July 4, 2023
Major Taiwanese multinational chip manufacturing firm Taiwan Semiconductor Manufacturing Company has confirmed experiencing a data breach as a result of a cyberattack against Kinmax, which is one of its IT hardware suppliers, before the end of June, reports The Record, a news site by cybersecurity firm Recorded Future. Such a disclosure comes after the LockBit ransomware ...
- Microsoft Denies Major 30 Million Customer-Breach
July 4, 2023
Microsoft has hit back at claims from a shadowy hacktivist outfit that it managed to breach the company and obtain account access for tens of millions of customers. Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet, posted the details of its alleged raid on Telegram. Read more… Source: Infosecurity Magazine
- Chinese threat actors targeting Europe in SmugX campaign
July 3, 2023
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, ...
- More sensitive Optus data leaked in major cyberattack on law firm
July 1, 2023
Optus has been caught up in another major cyberattack, with sensitive information about a privacy watchdog investigation into the mobile-phone company breached by Russian hackers. The Office of the Australian Information Commissioner is one of dozens of government departments and agencies scrambling to find out how much of their data has been breached in a hack ...
- A proxyjacking campaign is looking for vulnerable SSH servers
June 30, 2023
A researcher at Akamai has posted a blog about a worrying new trend -proxyjacking – where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, we’ll need to explain a few things. There are several legitimate services that pay users to share their surplus Internet bandwidth, such as Peer2Profit and HoneyGain. ...
- Cyberattack knocks out satellite communications for Russian military
June 30, 2023
Dozor-Teleport, the satellite system’s operator, switched some users to terrestrial networks during the outage, according to JD Work, a cyberspace professor at the National Defense University. Analyst Doug Madory of Kentik, which monitors online traffic, said one network was taken over by Dozor’s parent company, Amtel-Svyaz, while three others remained down. The company did not release ...