Cybereason researchers uncover North Korean APT operation targeting public and private sectors

Cybersecurity company Cybereason has announced that the Cybereason Nocturnus Team has identified a newly discovered modular spyware suite dubbed KGH_SPY and a new malware strain named CSPY Downloader.

The company says both are being used in attacks by the cyber espionage group Kimsuky, which is believed to be operating on behalf of the North Korean regime.

This APT group has been observed targeting victims that include public and private sector companies in the US, Europe, Japan, South Korea and Russia.

The target organizations include pharmaceutical and research companies working on COVID-19 therapies, government and defense organizations, journalists and human rights groups.

The KGH_SPY suite's infection vector appears to be Word documents containing malicious macros. The malware includes several components used to harvest information, run arbitrary commands and spy on user activity by way of a keylogger and a backdoor component. Some of the components of the KGH Spyware suite remain undetected by antivirus vendors.

Assaf Dahan, Senior Director, Head of Threat Research, Cybereason, said: “Since the malware is quite new, the true scope of the threat it poses is unknown, but given Kimsuky’s track record this spyware is likely to be of serious concern to both public and private sector organizations.”  

The full report is available here.
