
Data leak sheds light on Kimsuky operations


A new analysis of a 9 GB dataset exposed last month has uncovered further details about the operations of Kimsuky, the North Korean state-backed advanced persistent threat group also tracked as APT43, according to GBHackers News.

According to a report from DomainTools, the data dump included details on the development of interactive malware, OCR command-based reconnaissance, privileged access management (PAM) logs, and a covert Linux rootkit. It also contained domains pointing to an advanced phishing infrastructure and logs indicating the compromise of Taiwanese government and academic IP addresses.

The leak also indicates that Kimsuky has been receiving support from China for its long-term, persistent intrusions against South Korea and Taiwan, which targeted GPKI certificates and plaintext credentials.

In light of these findings, researchers recommend tracking NASM toolchain artifacts on developer hosts, stepping up detection of OCR tool usage, sinkholing the discovered adversary-in-the-middle proxies and phishing domains, and maintaining file integrity monitoring alongside regular audits of PAM and SSH logs.
