13 September 19, 14:30
Quote:Researchers have uncovered an ongoing, sophisticated malware campaign aiming at U.S.-based targets with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.
The campaign, which researchers from Prevailion call “Autumn Aperture” and link with moderate confidence to the North Korea-based Kimsuky threat actors, sends victims trojanized documents via spear-phishing emails.The campaign is highly sophisticated, using legitimate documents that the targets were likely expecting, which have been booby-trapped. In addition, the threat actors used anti-evasion tactics such as utilizing obscure file formats (including the Kodak FlashPix format), which make them harder to detect by antivirus products, researchers said.
Researchers did not specify the companies targeted or the specific type of malware variant linked to the campaign. When asked about the specific malware utilized in the campaign, they told Threatpost: “Unfortunately Prevailion was unable to find the payload associated with this campaign. We were able to determine that trojanized document was trying to pull down an executable HTML file. But could not find a sample to analyze."
Read more here: https://threatpost.com/north-korean-spea...us/148299/