Intelligent CISO Issue 32 | Page 13


Cybereason researchers uncover North Korean APT operation targeting public and private sectors

Cybersecurity company, Cybereason, has announced that the Cybereason Nocturnus Team has identified a newly discovered modular spyware suite dubbed ‘KGH_SPY’ and a new malware strain named ‘CSPY Downloader’.

The company says it is being employed in attacks by cyber espionage group, Kimsuky, believed to be operating on behalf of the North Korean regime.
This APT group has been observed targeting victims that include public and private sector companies in the US, Europe, Japan, South Korea and Russia.
The target organisations include pharmaceutical and research companies working on COVID-19 therapies, government and defence organisations, journalists and human rights groups.
The KGH_SPY suite infection vector appears to be by way of Word documents containing malicious macros and the malware includes several components used to harvest information, run arbitrary commands and spy on the user activities by way of a keylogger and a backdoor component.
Some of the components of the KGH Spyware suite remain undetected by antivirus vendors.
Assaf Dahan, Senior Director, Head of Threat Research, Cybereason, said: “Since the malware is quite new, the true scope of the threat it poses is unknown, but given Kimsuky’s track record, this spyware is likely to be of serious concern to both public and private sector organisations.”

SOPHOS LAUNCHES RAPID RESPONSE SERVICE TO IDENTIFY AND NEUTRALISE ACTIVE CYBERSECURITY ATTACKS

Sophos, a global leader in next-generation cybersecurity, has announced the availability of Sophos Rapid Response, an industry-first, fixed-fee remote incident response service that identifies and neutralises active cybersecurity attacks throughout its entire 45-day term of engagement. Sophos Rapid Response provides organisations with a dedicated 24/7 team of incident responders, threat hunters and threat analysts to quickly stop advanced attacks and remove adversaries from their networks, minimising damage and costs and reducing recovery time.

Sophos Rapid Response has identified the first known use of the Buer malware dropper to deliver ransomware. In new research published from Sophos Rapid Response and SophosLabs, Hacks for Sale: Inside the Buer Loader Malware-as-a-Service, Sophos details how Buer compromises Windows PCs and enables attackers to deliver a payload. Sophos Rapid Response made the discovery while mitigating a recent Ryuk ransomware attack, which was detected and stopped as part of a wave of Ryuk attacks using new tools, techniques and procedures. In this incident, the relentless attackers used a new variant of Buer in an attempt to launch Ryuk ransomware, before expanding their efforts to mix the use of Buer with other types of loader malware.
“When you’re hit with an attack, time is of the essence. Every minute between initial compromise and neutralisation counts, as adversaries race through the attack life cycle,” said Joe Levy, Chief Technology Officer at Sophos.