ChinopuNK, a subgroup of the North Korean state-backed advanced persistent threat group ScarCruft, has been deploying various payloads as part of a new global malware campaign, GBHackers News reports.
Malicious LNK files embedded in fake postal code update notices have been leveraged by ChinopuNK to deliver an AutoIT loader, which retrieves and executes a malware arsenal of nine different strains, including the NubSpy backdoor, which abuses PubNub for covert command-and-control operations, and the Rust-based CHILLYCHINO backdoor, which is built to prevent runtime analysis and reverse engineering, according to an analysis by researchers at S2W's Threat Analysis and Intelligence Center. ChinopuNK also spread the PowerShell-based infostealer LightPeek and the Python-based loader TxPyLoader, as well as the FadeStealer and VCD Ransomware payloads. The researchers said these findings point not only to ScarCruft's persistent targeting of real-time platforms but also to its sophistication in harnessing open-source or publicly available codebases in its attacks.
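The infection chain above starts with a Windows shortcut (LNK) file hidden inside a lure document. Because Explorer never shows the `.lnk` extension, a file named `postal_code_update.pdf.lnk` is displayed as a PDF, so a mail gateway or sandbox should identify shortcuts by their fixed 76-byte header rather than by name. The following is an added example, not code from S2W, GBHackers or the campaign analysis: it parses the ShellLinkHeader as documented in MS-SHLLINK (header size 0x4C and the shell-link CLSID), reads the LinkFlags and ShowCommand fields, and flags attachments that are shortcuts carrying command-line arguments or a mismatched extension. The sample attachments are constructed in the block; the `build_lnk_header` helper only produces the header, not a complete shortcut.

```python
import struct

# Fixed 76-byte ShellLinkHeader layout (MS-SHLLINK 2.1):
# HeaderSize (4) | LinkCLSID (16) | LinkFlags (4) | FileAttributes (4) |
# CreationTime (8) | AccessTime (8) | WriteTime (8) | FileSize (4) |
# IconIndex (4) | ShowCommand (4) | HotKey (2) | Reserved (10)
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) used for triage
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_ARGUMENTS = 0x20            # StringData contains a command line
HAS_ICON_LOCATION = 0x40        # shortcut supplies its own icon (e.g. a PDF icon)

SW_SHOWMINNOACTIVE = 7          # ShowCommand: open minimised without focus


def parse_lnk_header(data: bytes):
    """Return header fields if `data` starts with a valid Windows shortcut
    header, otherwise None. Only the fixed header is read; the variable
    length structures that follow it are not parsed."""
    if len(data) < LNK_HEADER_SIZE:
        return None
    header_size, clsid = struct.unpack_from("<I16s", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        return None
    link_flags, file_attrs = struct.unpack_from("<II", data, 20)
    show_command = struct.unpack_from("<I", data, 60)[0]
    return {
        "link_flags": link_flags,
        "file_attributes": file_attrs,
        "show_command": show_command,
    }


def triage_attachment(filename: str, data: bytes) -> list:
    """Return a list of findings for one attachment; empty means not an LNK."""
    findings = []
    hdr = parse_lnk_header(data)
    if hdr is None:
        return findings
    findings.append("lnk_magic")
    name = filename.lower()
    if not name.endswith(".lnk"):
        findings.append("extension_mismatch")   # content says LNK, name says otherwise
    elif name.count(".") > 1:
        findings.append("double_extension")     # Explorer hides .lnk, showing "x.pdf"
    if hdr["link_flags"] & HAS_ARGUMENTS:
        findings.append("has_arguments")        # shortcut passes a command line
    if hdr["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("launches_minimised")   # window kept out of the user's view
    return findings


def build_lnk_header(link_flags: int, show_command: int = 1) -> bytes:
    """Constructed 76-byte header for the samples below (not a real shortcut)."""
    return (
        struct.pack("<I", LNK_HEADER_SIZE)
        + LNK_CLSID
        + struct.pack("<II", link_flags, 0x20)      # FILE_ATTRIBUTE_ARCHIVE
        + b"\x00" * 24                              # three FILETIME fields
        + struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)
    )


# Constructed sample attachments, as a gateway might extract them from a mail
SAMPLES = {
    "postal_code_update.pdf.lnk": build_lnk_header(
        HAS_LINK_TARGET_ID_LIST | HAS_ARGUMENTS | HAS_ICON_LOCATION,
        SW_SHOWMINNOACTIVE,
    ),
    "postal_code_update.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "notice.lnk": build_lnk_header(HAS_LINK_TARGET_ID_LIST),
}


def triage_all(samples: dict) -> dict:
    """Run triage over every attachment and keep only those with findings."""
    results = {}
    for name, data in samples.items():
        findings = triage_attachment(name, data)
        if findings:
            results[name] = findings
    return results


if __name__ == "__main__":
    for name, findings in triage_all(SAMPLES).items():
        print(f"{name}: {', '.join(findings)}")
```

The magic check is what matters: renaming the shortcut or zipping it changes nothing in the header, and the `HAS_ARGUMENTS` flag is a cheap hint that the shortcut runs something with a command line rather than merely pointing at a document. A production check would go on to parse the StringData section and the target path, which this header-only example deliberately leaves out.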