This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond
October 27, 2025
The global threat landscape is undergoing an unprecedented transformation. Organizations are facing dizzying levels of complexity, driven by rapid technological innovation, the widespread adoption of artificial intelligence, and the expected disruptive effects of quantum computing. At the same time, shifting geopolitical dynamics, the rise of sophisticated cybercriminal networks, and the introduction of new regulatory frameworks are ...
- Ireland: Number of passengers affected by data breach not yet clear
October 26, 2025
It has not yet clear how many passengers were affected by the data breach relating to boarding passes issued for flights during August, but RTÉ News understands it may be in the hundreds of thousands. In August 3.8 million passenger journeys were made on flights through Dublin Airport. It has not been revealed yet what type ...
- Microsoft issues emergency WSUS security patch – update now
October 24, 2025
Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild. As part of its most recent Patch Tuesday cumulative update (October 14, 2025), Microsoft addressed CVE-2025-59287, a “deserialization of untrusted data” flaw found in Windows Server Update Service (WSUS). WSUS allows IT admins to manage patching ...
- Hackers steal medical records and financial data from 1.2M patients in massive healthcare breach
October 24, 2025
More than 1 million patients have been affected by a data breach involving SimonMed Imaging, one of the country’s largest outpatient radiology and medical imaging providers. The breach came to light after a cyberattack compromised sensitive patient data, with reports indicating that ransomware operators may have been behind the incident. What makes this case particularly concerning is the ...
- North Korean hackers target European defense firms with dream job scam
October 24, 2025
Infamous North Korean state-sponsored threat actors, Lazarus Group, have been targeting Southeastern European defense firms with their Operation DreamJob scams. Security researchers at ESET claim the goal of the attacks was to steal the know-how and other proprietary information on unmanned aerial vehicles (UAV) and drones. Lazarus is known for its work in supporting North Korea’s ...
- US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer
October 23, 2025
The U.S. government has accused a former executive at defense contractor L3Harris of stealing trade secrets and selling them to a buyer in Russia, according to court documents seen by TechCrunch. On October 14, the Department of Justice accused Peter Williams of stealing eight trade secrets from two unnamed companies. The DOJ made the allegation in ...