North Korean based backdoor packs a punch
Essential information
- Published: 21/06/2024 06:47
- Modified: 21/06/2024 07:13
- Tags: 2024-06-21 aerospace backdoor defense espionage nikigo nikihttp northkorea
- Related entities: 20 observables, 1 intrusion sets (apt), 8 techniques (mitre), 2 malware, 2 others
Description
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets aerospace and defense companies, sectors of particular interest to North Korean threat groups. The backdoors analyzed are simple yet powerful tools that use various obfuscation techniques and offer capabilities such as reconnaissance, data collection, and remote control. Attribution to the Kimsuky threat group is made with low confidence, and there are indications that multiple developers may be involved, including the possible outsourcing of some malware creation capabilities.