Constantly Evolving MoonPeak RAT Linked to North Korean Spying
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.
This tag covers cybersecurity incidents, policy, public services, privacy, advisories, and regional implications connected to North Korea.
Search across headline titles and summaries.
Background for this topic.
North Korea covers cybersecurity and information-security developments connected to North Korea, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving North Korea's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.
The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...]
Kimsuky, or a Related Group, Deploys XenoRAT VariantA North Korean hacking team hastily pivoted from using publicly available cloud computing storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from using cloud service including Google Drive, OneDrive, and Dropbox to systems under its control.
The MoonPeak RAT as used by UAT-5394 showed a possible connection to North Korean threat Kimsuky
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign
Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups
Lazarus Espionage Group's Sophisticated Malware Evades Antivirus MonitoringNorth Korea's Lazarus hacking team, which focuses on cryptocurrency theft and espionage, has once again been exploiting a zero-day vulnerability in Microsoft Windows to install antivirus-suppressing malware dubbed Fudmodule to aid its intrusions.
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...]
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea