
    N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

    By justmattg | May 7, 2023 | 3 Mins Read


    May 05, 2023Ravie LakshmananCyber Threat / Malware

    N. Korean Kimsuky Hackers

    The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign.

    “[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros,” SentinelOne researchers Tom Hegel and Aleksandar Milenkoski said.

    Kimsuky is also known by the names APT43, ARCHIPELAGO, Black Banshee, Nickel Kimball, Emerald Sleet (previously Thallium), and Velvet Chollima.

    Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.


    The latest intrusion set documented by SentinelOne leverages geopolitical themes related to North Korea’s nuclear proliferation to activate the infection sequence.

    “Notably, the spear-phishing emails are made with a level of design quality tuned for specific individuals, increasing the likelihood of opening by the target,” the researchers said. “This includes proper formatting, grammar, and visual clues, appearing legitimate to unsuspecting users.”


    These messages contain links to booby-trapped Microsoft Word documents hosted on OneDrive to deploy ReconShark, which chiefly functions as a recon tool to execute instructions sent from an actor-controlled server. It’s also an evolution of the threat actor’s BabyShark malware toolset.

    “It exfiltrates system information to C2 server, maintains persistence on the system, and waits for further instruction from the operator,” Palo Alto Networks Unit 42 said in its analysis of BabyShark in February 2019.


    ReconShark is specifically designed to exfiltrate details about running processes, deployed detection mechanisms, and hardware information, suggesting that the data gathered by the tool is used to carry out “precision attacks” involving malware tailored to the targeted environment in a manner that sidesteps detection.

    The malware is also capable of deploying additional payloads from the server based on “what detection mechanism processes run on infected machines.”

    Furthermore, unlike previous variants, ReconShark does not save the harvested information to the file system; instead it holds the data in string variables and uploads it to the C2 server through HTTP POST requests.
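As an added defender-side illustration (not part of the article or of SentinelOne's research), the Python below correlates constructed endpoint events to flag a process spawned by an Office application that issues an outbound HTTP POST, and records whether that process wrote anything to disk first, the in-memory staging described above. The Sysmon-like field names and all sample values are assumptions made for the example.

```python
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample telemetry (hypothetical, Sysmon-like field names), not real logs.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 410, "image": "winword.exe", "parent_image": "explorer.exe"},
    {"type": "process", "pid": 412, "image": "rundll32.exe", "parent_image": "winword.exe"},
    {"type": "network", "pid": 412, "method": "POST", "dest": "198.51.100.7"},
    {"type": "process", "pid": 500, "image": "chrome.exe", "parent_image": "explorer.exe"},
    {"type": "network", "pid": 500, "method": "POST", "dest": "203.0.113.9"},
    {"type": "process", "pid": 520, "image": "powershell.exe", "parent_image": "excel.exe"},
    {"type": "file", "pid": 520, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\report.csv"},
    {"type": "network", "pid": 520, "method": "POST", "dest": "192.0.2.44"},
]


def correlate_office_posts(events):
    """Return one finding per Office-spawned process that issues an HTTP POST.

    'fileless' is True when that process wrote no file before posting, which
    matches the string-variable staging the article attributes to ReconShark.
    Events are assumed to be in time order, so lineage is built in one pass.
    """
    office_children = {}   # pid -> image, for direct children of Office apps
    wrote_file = set()     # pids observed writing to disk
    findings = []
    for e in events:
        if e["type"] == "process" and e["parent_image"].lower() in OFFICE_PARENTS:
            office_children[e["pid"]] = e["image"]
        elif e["type"] == "file":
            wrote_file.add(e["pid"])
        elif (e["type"] == "network" and e["method"] == "POST"
              and e["pid"] in office_children):
            findings.append({
                "pid": e["pid"],
                "image": office_children[e["pid"]],
                "dest": e["dest"],
                "fileless": e["pid"] not in wrote_file,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate_office_posts(SAMPLE_EVENTS):
        print(finding)
```

The browser-initiated POST (pid 500) is ignored because its parent is not an Office application; only the two Office-descended processes are reported, one of them marked fileless.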

    The findings add to growing evidence that the threat actor is actively shifting its tactics to get a foothold on compromised hosts, establish persistence, and stealthily gather intelligence for extended periods of time.

    “The ongoing attacks from Kimsuky and their use of the new reconnaissance tool, ReconShark, highlight the evolving nature of the North Korean threat landscape,” SentinelOne said.
