The Cyber Security News

North Korea’s APT37 Targeting Southern Counterpart with New M2RAT Malware

February 15, 2023

The North Korea-linked threat actor tracked as APT37 has been tied to a new piece of malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's tooling and tactics.

APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS), unlike the Lazarus and Kimsuky threat clusters, which are part of the Reconnaissance General Bureau (RGB).

According to Google-owned Mandiant, MSS is tasked with "domestic counterespionage and overseas counterintelligence activities," and APT37's attack campaigns reflect the agency's priorities. The operations have historically singled out individuals such as defectors and human rights activists.

"APT37's assessed primary mission is covert intelligence gathering in support of DPRK's strategic military, political, and economic interests," the threat intelligence firm said.

The threat actor is known to rely on custom tools such as Chinotto, RokRat, BLUELIGHT, GOLDBACKDOOR, and Dolphin to harvest sensitive information from compromised hosts.

"The main feature of this RedEyes Group attack case is that it used a Hangul EPS vulnerability and used steganography techniques to distribute malicious code," AhnLab Security Emergency response Center (ASEC) said in a report published Tuesday.

The infection chain observed in January 2023 begins with a decoy Hangul document, which exploits a now-patched flaw (CVE-2017-8291, a Ghostscript bug reachable through the word processor's EPS rendering component) to trigger shellcode that downloads an image from a remote server.

The JPEG file uses steganographic techniques to conceal a portable executable that, when launched, downloads the M2RAT implant and injects it into the legitimate explorer.exe process.

Persistence is achieved by means of a Windows Registry modification, and M2RAT then functions as a backdoor capable of keylogging, screen capture, process execution, and data theft. Like Dolphin, it is also designed to siphon data from removable disks and connected smartphones.
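The stage that analysts most often get to examine from this chain is the downloaded image, since it is what the shellcode fetches and what leaves a file on disk. The page does not say how the PE was hidden inside the JPEG, so the following triage script is an added example, not ASEC's code or anything from the M2RAT sample: it assumes the common trick of appending the payload after the JPEG end-of-image marker, optionally obscured with a single-byte XOR key, and checks for a DOS/PE header pair there. The sample image and the fake PE stub are constructed inline; the names `jpeg_end_offset`, `find_pe` and `scan_jpeg_for_pe` are this example's own.

```python
"""Triage a JPEG for a PE file hidden after the image data (example, not the
M2RAT dropper's actual encoding, which this page does not describe)."""
import struct
from typing import Optional

JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
MZ_MAGIC = b"MZ"
PE_MAGIC = b"PE\x00\x00"


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the EOI marker.

    Segment lengths are honoured so an EXIF thumbnail (which carries its own
    FFD9) inside an APPn segment is not mistaken for the end of the image.
    Inside entropy-coded scan data 0xFF is byte-stuffed as FF00 and only
    RSTn markers appear, so the first FFD9 after the first SOS is the real EOI.
    """
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI with no scan data
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                             # standalone markers, no length
            continue
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]
        if marker == 0xDA:                       # SOS: scan data follows
            eoi = data.find(JPEG_EOI, pos + 2 + seg_len)
            if eoi == -1:
                raise ValueError("truncated scan: no EOI")
            return eoi + 2
        pos += 2 + seg_len
    raise ValueError("truncated JPEG")


def find_pe(blob: bytes) -> Optional[int]:
    """Return the offset of an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    mz = blob.find(MZ_MAGIC)
    while mz != -1:
        if mz + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, mz + 0x3C)[0]
            pe_at = mz + e_lfanew
            if 0x40 <= e_lfanew and blob[pe_at:pe_at + 4] == PE_MAGIC:
                return mz
        mz = blob.find(MZ_MAGIC, mz + 1)
    return None


def scan_jpeg_for_pe(data: bytes) -> dict:
    """Report trailing data after EOI and any plain or single-byte-XORed PE in it."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    report = {"jpeg_end": end, "trailer_len": len(trailer),
              "pe_offset": None, "xor_key": None}
    for key in range(256):                       # key 0 == unobfuscated
        candidate = trailer if key == 0 else bytes(b ^ key for b in trailer)
        off = find_pe(candidate)
        if off is not None:
            report["pe_offset"] = end + off
            report["xor_key"] = key
            break
    return report


def build_samples() -> tuple:
    """Constructed inputs: a minimal clean JPEG and the same JPEG with a
    XOR-obscured fake PE stub appended after EOI (assumed hiding scheme)."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56"               # includes a stuffed FF00 byte
    clean = JPEG_SOI + app0 + sos + scan + JPEG_EOI
    dos = bytearray(0x40)                        # fake DOS header, e_lfanew=0x40
    dos[0:2] = MZ_MAGIC
    struct.pack_into("<I", dos, 0x3C, 0x40)
    fake_pe = bytes(dos) + PE_MAGIC + b"\x00" * 20
    key = 0x5A
    return clean, clean + bytes(b ^ key for b in fake_pe)


if __name__ == "__main__":
    clean, stego = build_samples()
    print("clean:", scan_jpeg_for_pe(clean))
    print("stego:", scan_jpeg_for_pe(stego))
```

Run against a real capture, the two numbers worth acting on are `trailer_len` (any non-zero value after EOI is unusual for a photo and worth carving) and `xor_key`; a payload hidden in the pixel data itself rather than appended would not be caught here, which is why this is a first-pass check and not a replacement for detonation.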

"These APT attacks are very difficult to defend against, and the RedEyes group in particular is known to mainly target individuals, so it can be difficult for non-corporate individuals to even recognize the damage," ASEC said.

This is not the first time CVE-2017-8291 has been weaponized by North Korean threat actors. In late 2017, the Lazarus Group was observed targeting South Korean cryptocurrency exchanges and users to deploy Destover malware, according to Recorded Future.

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.