May 10, 2024 at 11:27AM
North Korean threat actor Kimsuky deployed Golang-based malware Durian in targeted cyber attacks on South Korean cryptocurrency firms, per Kaspersky’s APT trends report. The attacks used legitimate South Korean software, establishing a connection to the attacker’s server to execute the infection. Kimsuky aims to steal data and geopolitical insight for the North Korean regime. The group is linked to various cyber campaigns and is tied to North Korea’s military intelligence organization. Additional North Korean state-sponsored groups, ScarCruft and APT43, are targeting South Korean users with malware campaigns.
Key Takeaways from the Meeting Notes:
– Kimsuky, a North Korean threat actor, has been observed using a new Golang-based malware called Durian in targeted cyber attacks on South Korean cryptocurrency firms.
– The attacks involved the use of legitimate software exclusive to South Korea as an infection pathway, with Durian being employed to introduce additional malware and to pilfer browser-stored data including cookies and login credentials.
– Kimsuky’s primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and other experts.
– Kimsuky has been linked to campaigns involving a C#-based remote access trojan and information stealer called TutorialRAT, employing typical spear-phishing techniques.
– Another North Korean state-sponsored hacking group, ScarCruft, has been targeting South Korean users with Windows shortcut files culminating in the deployment of RokRAT.
– ScarCruft, also known as APT37, InkySquid, RedEyes, Ricochet Chollima, and Ruby Sleet, is aligned with North Korea’s Ministry of State Security and is tasked with covert intelligence gathering.
Please let me know if you need any further information or if there is anything else I can assist you with.