The North Korean cyber-threat group “Kimsuky” has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), having proved itself a significant advanced persistent threat (APT). The agency published an advisory describing the group’s tactics, techniques, and procedures (TTPs), which are used against individuals as well as organizations and range from spearphishing and social engineering to evasion and data exfiltration. The tactics are not novel, but some of the tools are, cementing Kimsuky’s place under North Korea’s “HIDDEN COBRA” umbrella as a threat at least equal to the infamous “Lazarus Group”. Unlike the latter, Kimsuky is focused solely on intelligence gathering and will likely maintain that focus for the foreseeable future.