• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new superbear trojan emerges in targeted phishing attack on south

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

You are here: Home / General Cyber Security News / New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
September 1, 2023

A new phishing attack probably targeting civil modern society teams in South Korea has led to the discovery of a novel distant entry trojan identified as SuperBear.

The intrusion singled out an unnamed activist, who was contacted in late August 2023 and been given a malicious LNK file from an address impersonating a member of the organization, non-gain entity Interlabs stated in a new report.

The LNK file, on execution, launches a PowerShell command to execute a Visible Primary script that, in transform, fetches the subsequent-phase payloads from a authentic but compromised WordPress website.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


This contains the Autoit3.exe binary (“solmir.pdb”) and an AutoIt script (“solmir_1.pdb”) which is launched utilizing the previous.

The AutoIt script, for its portion, performs course of action injection working with a approach hollowing technique, in which malicious code is inserted into a procedure that’s in a suspended condition.

Cybersecurity

In this situation, an occasion of Explorer.exe is spawned to inject a by no means-before-witnessed RAT referred to as SuperBear that establishes communications with a distant server to exfiltrate info, download and operate additional shell commands and dynamic-hyperlink libraries (DDLs).

“The default action for the C2 server seems to instruct purchasers to exfiltrate and process procedure info,” Interlab researcher Ovi Liber mentioned, noting that the malware is so named for the reason that “the destructive DLL will check out to create a random filename for it, and if it cannot it will be named ‘SuperBear.'”

The attack has been loosely pinned on a North Korean country-condition actor named Kimsuky (aka APT43 or Emerald Sleet, Nickel Kimball, and Velvet Chollima), citing similarities with the initial attack vector and the PowerShell instructions utilized.

Earlier this February, Interlab also unveiled that North Korean country-condition actors specific a journalist in South Korea with Android malware dubbed RambleOn as component of a social engineering marketing campaign.

Located this article exciting? Follow us on Twitter  and LinkedIn to read through additional special content we put up.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «it's a zero day? it's malware? no! it's username and password It’s a Zero-day? It’s Malware? No! It’s Username and Password
Next Post: Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military russian state backed 'infamous chisel' android malware targets ukrainian military»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.