North Korean cyber espionage group Kimsuky has been observed running a new spear-phishing campaign aimed at staff from Korea Risk Group (KRG) and several universities, according to researchers at SentinelLabs. The attack uses Microsoft OneDrive links contained in documents equipped with malicious macros, which then drop the ReconShark malware. ReconShark is part of a broader malware system known as BabyShark. The new malware can exfiltrate data, including key information on detection mechanisms and hardware details, which is used to access targeted networks. The group is also paying closer attention to detail when crafting its emails so that they appear legitimate to recipients. Kimsuky has previously been linked to cyber espionage operations focused on research institutions, think tanks, and pharmaceutical companies. The new campaign suggests that Kimsuky is expanding its targeting to include academic institutions, and that organizations need to adopt good email security practices to avoid compromise.