Comment: Cybereason Researchers Find New North Korean Malware Suite

Date: 2020-10-28


On October 27th, the US-CERT published a report summarizing Kimsuky’s recent activities and describing the group’s TTPs and infrastructure.

Combining the information in the report with the intelligence accumulated by Cybereason Nocturnus over time, the researchers discovered a previously undocumented modular spyware suite dubbed KGH_SPY that provides Kimsuky with stealth capabilities to carry out espionage operations.

In addition, Cybereason Nocturnus uncovered another new malware strain dubbed CSPY Downloader that was observed to be a sophisticated tool with extensive anti-analysis and evasion capabilities, allowing the attackers to determine if “the coast is clear” before downloading additional payloads.

The full research is available here: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite

EXPERTS COMMENTS
Chad Anderson, Research Engineer, DomainTools
November 03, 2020
Cybersecurity awareness training and email filtering systems, but also DNS firewalling are among the essentials.
Cybereason's findings are concerning but not surprising: wherever there is valuable information, there will also be an attempt on the part of threat actors to get their hands on it for financial gain, or to leverage for further campaigns of cybercrime. However, it is worth remembering that despite how effective this spyware might be at covering its tracks, it relies on the same entry vectors as ....