This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Gigabyte motherboards come with a hidden firmware backdoor
May 31, 2023
Component supplier Gigabyte has some pressing questions to answer. The first and most pressing is, “Why did you put an updater backdoor into your own motherboard firmware without telling anyone?” The second is, “Why didn’t you lock it down in any meaningful way, hoping that it would stay secure simply by not being known?” Read more… Source: ...
- Lazarus hackers target Windows IIS web servers for initial access
May 29, 2023
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks. Lazarus is primarily financially motivated, with many analysts believing that the hackers’ malicious activities help fund North Korea’s weapons development programs. However, the group has also been ...
- Senegalese government websites hit with cyber attack
May 27, 2023
A group of hackers called Mysterious Team made multiple Senegalese government websites go offline overnight on Friday by hitting them with denial-of-service (DDoS) attacks, a government spokesperson said. The group claimed responsibility for the cyber attacks in a series of Twitter posts using the hashtag #FreeSenegal used by campaigners alleging political repression in Senegal. Read more… Source: Reuters
- Hot Pixels attack checks CPU temp, power changes to steal data
May 27, 2023
A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called “Hot Pixels,” which can retrieve pixels from the content displayed in the target’s browser and infer the navigation history. The attack exploits data-dependent computation times on modern system-on-a-chip (SoCs) and graphics processing units (GPUs) and ...
- CISA Adds One Known Exploited Vulnerability to Catalog
May 26, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...
- Buhti: New Ransomware Operation Relies on Repurposed Payloads
May 25, 2023
A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems. While the group doesn’t develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer ...