Pisces Introduces Innovative Tools KLogEXE and FPSpy

 

In a recent study, Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group: a keylogger named KLogEXE by its authors, and an undocumented, potentially harmful variant of a backdoor known as FPSpy.
This is a significant addition to Sparkling Pisces’ already extensive arsenal and shows that the group is continually advancing and developing its capabilities to meet the needs of its audience.

Unit 42 researchers discovered two malware tools, KLogExe and FPSpy, that had never been documented before. The North Korean APT group Sparkling Pisces uses them to conduct cyber espionage campaigns and spear phishing attacks.

Moreover, customers can be better protected by using Cloud-Delivered Security Services as part of their Next-Generation Firewall, including Advanced WildFire, Advanced URL Filtering, Advanced DNS Security, and Advanced Threat Prevention, and can also improve their connectivity.

KLogExe is a C++-based keylogger that records keyboard input and mouse clicks and encrypts the recorded data in a log file.

The log file has the extension .ini. After the file reaches the size limit set by KLogExe, it is renamed with the current date, a boundary is auto-generated, and the data is sent via HTTP to a comma

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
