North Korea's Hackers Caught Red-Handed: The Cyberstanc Revelation
In our tireless pursuit of countering Advanced Persistent Threats (APTs), particularly in the Asia-Pacific (APAC) region, our vigilant monitoring recently unearthed intriguing intelligence related to the notorious Kimsuky group, a suspected state-sponsored APT entity hailing from North Korea, also known as Black Banshee or Thallium.
Our researchers uncovered a striking similarity between this newfound sample and our own code. This revelation has brought to light the emergence of a new remote access trojan (RAT) christened 'SuperBear,' which was employed in a targeted phishing assault against civil society groups and activists in the APAC region.
The attack's initial phase involves a cunningly disguised phishing email, originating from a trusted source within the activist's organization. Once opened, this email prompts the unwitting victim to execute a malicious LNK file, setting off a sequence of events, including a PowerShell command and a Visual Basic script, all orchestrated to …
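As an added illustration (not code from the original post or from Cyberstanc), the following Python shows how a defender could spot the delivery chain described above in process telemetry, where a double-clicked LNK shows up as explorer.exe spawning PowerShell, which in turn spawns a VBScript host, and correlate it with connections to the hosts from the IoC section. All events, pids and command lines are constructed for the example; only the indicator set is taken from the post.

```python
# Added detection example (not code from the original post): flags the
# explorer -> PowerShell -> VBScript chain described in the write-up and
# correlates it with contact to the infrastructure listed in the IoC section.

# Indicators copied from the IoC section of the post.
IOC_HOSTS = {"89.117.139.230", "hironchk.com"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed process-creation events in a Sysmon-like shape. A double-clicked
# LNK is normally not visible as its own process: the shortcut's target
# (here PowerShell) simply appears as a child of explorer.exe.
SAMPLE_PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 300, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -c <constructed>"},
    {"pid": 400, "ppid": 300, "image": "wscript.exe",
     "cmdline": "wscript.exe C:\\Users\\a\\AppData\\Local\\Temp\\x.vbs"},
    {"pid": 500, "ppid": 100, "image": "powershell.exe",  # benign admin use
     "cmdline": "powershell.exe Get-Process"},
]
# Constructed network events (pid, destination host).
SAMPLE_NETWORK_EVENTS = [
    {"pid": 400, "dest": "hironchk.com"},
    {"pid": 500, "dest": "update.example.com"},
]


def find_lnk_style_chains(events):
    """Return pids of script hosts running a .vbs whose parent is PowerShell
    and whose grandparent is explorer.exe (a user-launched shortcut)."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() not in SCRIPT_HOSTS or ".vbs" not in e["cmdline"].lower():
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or parent["image"].lower() != "powershell.exe":
            continue
        grandparent = by_pid.get(parent["ppid"])
        if grandparent is not None and grandparent["image"].lower() == "explorer.exe":
            hits.append(e["pid"])
    return hits


def ioc_contacts(net_events):
    """Return (pid, host) pairs for connections to the listed indicators."""
    return [(n["pid"], n["dest"]) for n in net_events if n["dest"] in IOC_HOSTS]


def triage(proc_events, net_events):
    """Pids that both match the chain and reached known infrastructure."""
    chain = set(find_lnk_style_chains(proc_events))
    return sorted({pid for pid, _ in ioc_contacts(net_events) if pid in chain})
```

The benign PowerShell session (pid 500) is deliberately included so the chain check alone, rather than any PowerShell launch, drives the alert.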
IoC
282e926eb90960a8a807dd0b9e8668e39b38e6961b0023b09f8b56d287ae11cb
89.117.139.230
http://89.117.139.230
http://hironchk.com
http://hironchk.com/upload/upload.php