Regístrese ahora para una mejor cotización personalizada!

Global spear-phishing campaign launched by North Korean APT Kimsuky

Mayo, 05, 2023 Hi-network.com

Kimsuky, a North Korean state-sponsored APT group, has deployed a new malware component called ReconShark, according to security researchers at SentinelOne. This malware is being distributed via targeted spear-phishing emails containing OneDrive links that download documents and activate malicious macros. 

The Microsoft Office macro, triggered when the document closes, performs a more advanced version of the reconnaissance function found in Kimsuky's BabyShark malware, which stores data in string variables that it sends to a C2 (command and control) server via an HTTP POST request. ReconShark can also use the processes of the detection mechanism found on infected machines to install additional payloads, such as scripts or DLL files. Organisations and individuals in at least the USA, Europe and Asia, including think tanks, research universities and government agencies, were targeted in the campaign.

tag-icon Etiquetas calientes: Seguridad de red ciberseguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.