This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
March 1, 2023
Iron Tiger is an advanced persistent threat (APT) group that has been focused primarily on cyberespionage for more than a decade. In 2022, we noticed that they updated SysUpdate, one of their custom malware families, to include new features and add malware infection support for the Linux platform. We found the oldest sample of this updated ...
- “Major” cyberattack compromised sensitive U.S. Marshals Service data
February 28, 2023
The U.S. Marshals Service is investigating a major ransomware attack that has compromised some of its most sensitive information, including law enforcement materials, and the personal information of employees and potential targets of federal investigations. The cyberattack was considered a “major incident” by officials, impacting a “stand-alone” system (meaning it is not connected to a larger ...
- SCARLETEEL hackers use advanced cloud skills to steal source code, data
February 28, 2023
An advanced hacking operation dubbed ‘SCARLETEEL’ targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. SCARLETEEL was discovered by cybersecurity intelligence firm Sysdig while responding to an incident in one of their customers’ cloud environments. Read more… Source: Bleeping Computer
- RIG Exploit Kit still infects enterprise users via Internet Explorer
February 27, 2023
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service’s long operational history. By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. Read more… Source: Bleeping Computer
- A Deep Dive into the Evolution of Ransomware Part 3
February 27, 2023
Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises – no sector was immune from the impact of ransomware’s widespread infiltration in recent years. Trend Micro researchers discussed what triggers threat actors from changing their business ...
- LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
February 27, 2023
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. Read more… Source: Bleeping Computer