North Korean cyberspies target govt officials with custom malware

A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns.

The particular actor is attributed as one of several groups known as Kimsuky (aka Thallium). TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion.

However, in March and June 2021, TA406 launched two distinct malware distribution campaigns that targeted foreign policy experts, journalists, and members of NGOs (non-governmental organizations).

Read more…
Source: Bleeping Computer