#ToddleShark

North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware

by

March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly. … Read more

ScreenConnect flaws exploited to drop new ToddleShark malware

by

March 4, 2024 at 05:44PM North Korean APT group Kimsuky is exploiting ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to distribute the new ToddleShark malware. This polymorphic variant aims for long-term espionage, using legitimate Microsoft tools and scheduled tasks for persistent access. Kroll’s upcoming report will share further details and indicators of compromise for ToddleShark. From the … Read more