#NorthKoreanAPT

Constantly Evolving MoonPeak RAT Linked to North Korean Spying

by

August 23, 2024 at 05:12PM A new version of XenoRAT malware called MoonPeak, with ties to North Korea’s Kimsuky group, is actively evolving and deploying complex infrastructure for command and control. It exhibits functional changes from the original XenoRAT, making detection challenging. Cisco Talos discovered the variant, analyzing its code modifications, infrastructure changes, and connections … Read more

North Korean Hackers Hijack Antivirus Updates for Malware Delivery

by

April 24, 2024 at 11:15AM North Korean threat actor Kimsuky exploited eScan antivirus’s update mechanism in a malware operation known as GuptiMiner. This involved a man-in-the-middle attack to deliver a malicious payload, enabling the deployment of backdoors and cryptocurrency miners in corporate networks. Despite eScan’s efforts to address the issue, new GuptiMiner infections persist. In … Read more