N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

Sep 26, 2024 Ravie Lakshmanan Cyber Attack / Malware

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy.

The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.

“These samples enhance Sparkling Pisces’ already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities,” Palo Alto Networks Unit 42 researchers Daniel Frank and Lior Rochberger said.


Active since at least 2012, the threat actor has been called the “king of spear phishing” for its ability to trick victims into downloading malware by sending emails that make it seem like they come from trusted parties.

Unit 42’s analysis of Sparkling Pisces’ infrastructure has uncovered two new portable executables referred to as KLogEXE and FPSpy.

KLogExe is a C++ version of the PowerShell-based keylogger named InfoKey that was highlighted by JPCERT/CC in connection with a Kimsuky campaign targeting Japanese organizations.

KLogEXE and FPSpy Malware

The malware comes equipped with capabilities to collect and exfiltrate information about the applications currently running on the compromised workstation, keystrokes typed, and mouse clicks.

FPSpy, on the other hand, is said to be a variant of the backdoor that AhnLab disclosed in 2022, with overlaps identified with a malware that Cybereason documented under the name KGH_SPY in late 2020.


FPSpy, in addition to keylogging, is also engineered to gather system information, download and execute additional payloads, run arbitrary commands, and enumerate drives, folders, and files on the infected machine.

Unit 42 said it was also able to identify points of similarity in the source code of both KLogExe and FPSpy, suggesting that they are likely the work of the same author.

“Most of the targets we observed during our research originated from South Korea and Japan, which is congruent with previous Kimsuky targeting,” the researchers said.
