Array of malware used to gather intelligence for North Korea
Essential information
- Published: 29/07/2024 10:21
- Modified: 29/07/2024 11:04
- Tags: 2024-07-29, CVE-2021-44228, CVE-2023-27350, CVE-2023-42793, dtrack, espionage, lighthand, north korea, sliver, smalltiger, tigerrat, validalpha
- Related entities: 5 vulnerabilities (cve), 24 observables, 1 intrusion set (apt), 19 techniques (mitre), 6 malware, 6 others
Description
Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting the military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targets, its attack techniques, such as exploiting vulnerabilities and using custom malware, and recent malware campaigns such as TigerRAT, SmallTiger, LightHand, and ValidAlpha. The report also provides recommendations, detections, and indicators to help organizations protect themselves against Onyx Sleet's operations.