This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- To pay or not to pay – that’s the question as ransomware attacks rise
March 28, 2023
There is rarely a day that goes by when there isn’t a major local, national or international story about a well know organisation being hit by a cyber attack that has huge potential to disrupt the business and damage their brand. In the past few weeks alone we’ve seen Eurovision fans in a panic after Booking.com ...
- APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
March 28, 2023
Mandiant researchers released a report on APT43, a prolific threat actor operating on behalf of the North Korean regime that they have observed engaging in cybercrime as a way to fund their espionage operations. According to Mandiant they track tons of activity throughout the year, but don’t always have enough evidence to attribute it to a ...
- Crown Resorts confirms ransom demand after GoAnywhere breach
March 28, 2023
Crown Resorts, Australia’s largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London. Read more… Source: Bleeping Computer
- The criminal use of ChatGPT – a cautionary tale about large language models
March 27, 2023
Their insights are compiled in Europol’s first Tech Watch Flash report published today. Entitled ‘ChatGPT – the impact of Large Language Models on Law Enforcement’, this document provides an overview on the potential misuse of ChatGPT, and offers an outlook on what may still be to come. Read more… Source: Europol
- Gone in 120 seconds: Tesla Model 3 child’s play for hackers
March 27, 2023
A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile’s entertainment system, and from there opening up the car’s core management systems. The prize was awarded at the annual Pwn2Own competition in Vancouver and it wasn’t Synacktiv’s only win. The team walked away from the ...
- Earth Preta’s Cyberespionage Campaign Hits Over 200
March 27, 2023
Through extensive analysis and as of this writing, we discovered over 200 victims, leading to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed at understanding the different phases and facets involved in this operation, shedding light on the motives and techniques used by ...