Kimsuky | Breaking Cybersecurity News | The Hacker News

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as 'Hancom Office Viewer,' [while] FastSpy is a remote access tool based on  AndroSpy ," researchers Lee Sebin and Shin Yeongjae  said . Kimsuky, also known by the names Black Banshee, Thallium, and Velvet Chollima, is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S. This past August, Kaspersky unearthed a previously undocumented infection chain dubbed  GoldDragon  to deploy a Windows backdoor capable o...

Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea.,  This new Cyber Espionage campaign dubbed "Kimsuky"  has targeted several South Korean think tanks. R esearchers believe the Kimsuky malware is most likely delivered via spear-phishing e-mails  and used multiple Dropbox email accounts "It's interesting that the drop box mail accounts iop110112@hotmail.com and rsh1213@hotmail.com are registered with the following "kim" names: kimsukyang and "Kim asdfa " The Kaspersky researchers revealed that the operation presents distinctive characteristics in its execution and logistics. The investigation started after the team of experts detected an unsophisticated spy program that communicated with it control server via a public e-mail server, an approach followed by too many amateur malware authors. Victims download a Trojan dropper which is used to download additional malwa...