Kimsuky Hackers from North Korea Back in Action with Advanced Reconnaissance Malware

 

Kimsuky, a North Korean APT outfit, has been discovered deploying a piece of bespoke malware named RandomQuery as part of a reconnaissance and information exfiltration operation.
“Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks,” Aleksandar Milenkoski and Tom Hegel of SentinelOne noted in a published report.
According to the cybersecurity firm, the current targeted campaign is particularly aimed at information services as well as organizations supporting human rights advocates and North Korean defectors.
Kimsuky, which has been active since 2012, has demonstrated targeting patterns that correspond to North Korea’s operational directives and priorities.
As SentinelOne disclosed earlier this month, the group's information collection missions have used a broad assortment of malware, including another reconnaissance program named ReconShark.
The group’s most recent activity cluster began on May 5, 2023, and employs a form of RandomQuery that is specially tailored to enumerate files and siphon sensitive data.
RandomQuery, along with FlowerPower and AppleSeed, is among the most widely disseminated tools in Kimsuky’s arsenal, with the former acting as an

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
