A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information.
Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea Internet and Security Agency (KISA), Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities.
The development is only the latest in a series of surveillance efforts aimed at South Korea. Believed to be operating on behalf of the North Korean regime, Kimsuky (aka Velvet Chollima, Black Banshee, and Thallium) has a track record of singling out South Korean entities while expanding their victimology to the U.S., Russia, and various nations in Europe.
Last November, the adversary was linked to a new modular spyware suite called “KGH_SPY,” which allows it to carry out reconnaissance of target networks, log keystrokes, and steal confidential information, as well as a stealthy malware under the name “CSPY Downloader” that’s designed to thwart analysis and download additional payloads.
images from Hacker News