Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012.
Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus on classified information theft. The group typically delivers malware using social engineering, spearmail, and puddle attacks, and has a wide range of attack tactics, with weapons for both Windows and Android platforms. Summary of events A batch of malware similar to Kimsuky’s historical samples was recently discovered by the Qi’anxin Threat Intelligence Center. One of the samples releases software signed by Korean software vendor BlueMoonSoft to confuse victims.
Read more…
Source: Qi’anxin Threat Intelligence Center.
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
August 14, 2018
Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs. All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. These flaws target ...
- Postmortem of a Compromised MikroTik Router
August 14, 2018
Cryptocurrency coinminers are the new ransomware and malicious actors have already pounced on the opportunity to make their fortune. Symantec has been tracking a large-scale coin-mining campaign which, as per Shodan, has currently infected about 157,000 MikroTik routers. Researchers discovered this coin-mining campaign in early August 2018. The campaign was initially concentrated in Brazil; however, it soon began ...
- Victims Lose Access to Thousands of Photos as Instagram Hack Spreads
August 14, 2018
In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address. An Instagram hack is spreading across the internet, with increasing numbers of victims finding their accounts hijacked and personal details altered — and account recovery so far impossible. Read more… Source: ...
- Researchers Developed Artificial Intelligence-Powered Stealthy Malware
August 9, 2018
Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network ...
- A First Look at the North Korean Malware Family Tree
August 9, 2018
Security researchers have analyzed malware samples from threat actors associated with North Korea and discovered connections with tools from older unattributed campaigns. The research is spread over several months and connects a diverse range of operations from cyberespionage to financially-motivated campaigns. The campaigns analyzed by the researchers and a timeline of their release can be shown below. Read more: Source: ...
- Ramnit Changes Shape with Widespread Black Botnet
August 6, 2018
A massive proxy botnet is just the tip of the iceberg, a warning sign of a bigger operation in the works by the Ramnit operators. The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July– but the offensive could just be a precursor to a much ...