Cyber attack on Diehl Defence: hackers target German military technology
#Cyberangriffe #ITSicherheit #APT43 #CyberAngriff #DiehlDefence #Kimsuky #Nordkorea #Spionagesoftware https://sc.tarnkappe.info/5e34ea
Proofpoint has been tracking #TA427, a North Korea-aligned threat actor, for years.
Recently, the team observed changes in the group's tactics and targeting, including exploiting #DMARC and web beacons.
Greg Lesnewich shared his insight with The CyberWire Research Saturday podcast host Dave Bittner.
Stream now at https://thecyberwire.com/podcasts/research-saturday/326/notes.
Proofpoint’s threat research team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons.
Get to know advanced persistent threat (APT) #TA427:
Also goes by #EmeraldSleet, #APT43, #THALLIUM, #Kimsuky
Likely supports #DPRK intelligence on US and ROK foreign policy
A savvy #socialengineering expert
Likes the long game: builds rapport with targets over weeks/months
Uses multiple aliases, usually small/under-resourced think tanks and NGOs
Seen abusing #DMARC, spoofing private email accounts, and typosquatting
Explore the blog, and help spread the word about TA427’s prolific activity so potential targets are prepared to protect their people and defend their data.
Securonix describes a cyberespionage campaign by the North Korean state-sponsored APT Kimsuky. The infection chain leverages multiple PowerShell and VBScript stages. A remote access trojan (RAT) allows for full control over the infected hosts, and background scripts provide persistence and monitoring capabilities. C2 communication is handled through legitimate services such as Dropbox or Google Docs, allowing the threat actor to update its features or deploy additional modules. The initial infection vector is likely a phishing email attachment (T1566.001). IOCs are at the bottom. https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/
Latest issue of my curated #cybersecurity and #infosec list of resources for week #49/2023 is out! It includes the following and much more:
➝ #23andMe updates user agreement to prevent #databreach lawsuits
➝ Hackers Exploited #ColdFusion Vulnerability to Breach Federal Agency Servers
➝ #Navy contractor Austal USA confirms #cyberattack after #dataleak
➝ #Nissan is investigating cyberattack and potential data breach
➝ Sellafield nuclear site hacked by groups linked to #Russia and #China
➝ #Roblox, #Twitch allegedly targeted by #ransomware cartel
➝ N. Korean #Kimsuky Targeting South Korean Research Institutes with #Backdoor Attacks
➝ ITG05 operations leverage #Israel-#Hamas conflict lures to deliver Headlace #malware
➝ Russian military hackers target #NATO fast reaction corps
➝ Cyberattack on Irish Utility Cuts Off Water Supply for Two Days
➝ Russia hacking: '#FSB in years-long cyber attacks on UK', says government
➝ Russia's AI-Powered Disinformation Operation Targeting #Ukraine, U.S., and #Germany
➝ #Microsoft Warns of Kremlin-Backed #APT28 Exploiting Critical #Outlook Vulnerability
➝ Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports
➝ Governments spying on #Apple, #Google users through push notifications - US senator
➝ Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier
➝ Ukraine appoints new cyber chief following ouster of top officials
➝ Norwegian Labor and Welfare Administration fined for data protection failures
➝ French government recommends against using foreign chat apps
➝ "Sierra:21" vulnerabilities impact #criticalinfrastructure routers
➝ New Stealthy 'Krasue' #Linux Trojan Targeting #Telecom Firms in Thailand
➝ SpyLoan #Android malware on Google Play downloaded 12 million times
➝ #LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
➝ Just about every #Windows and #Linux device vulnerable to new LogoFAIL firmware attack
➝ #Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
➝ Addressing post-quantum #cryptography with #CodeQL
➝ #Gmail’s AI-powered #spam detection is its biggest security upgrade in years
➝ Your mobile password manager might be exposing your credentials
➝ #Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
This week's recommended reading is: "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every weekend
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-492023
I had then tweeted this out, and updated our research blogs to mention these findings, stating that the primary difference was the reconnaissance module - a hallmark TTP of #Kimsuky malware. 4/