Researchers have recently identified new malware strains used by the North Korean threat group Sparkling Pisces [1], also known as Kimsuky.
Description
These malware samples, KLogEXE and FPSpy [1] [2] [3], showcase the group's advancing capabilities: KLogEXE functions as a keylogger and FPSpy as a backdoor. KLogEXE gathers information on running applications, keystrokes, and mouse clicks [2], while FPSpy collects system data, downloads additional payloads, executes commands, and enumerates files [2]. The two executables share similarities in their source code, which points to a common author. Sparkling Pisces [1] [2] [3], known for spear-phishing attacks [2], primarily targets entities in South Korea and Japan. The FPSpy variant has also been linked to a recent campaign targeting users of a South Korean technology conglomerate [3].
Conclusion
Organizations can strengthen their defenses against these threats by understanding how these malware samples operate and the tactics Sparkling Pisces employs [3]. Palo Alto Networks customers receive protection through Cortex XDR, XSIAM, and the Cloud-Delivered Security Services for the Next-Generation Firewall [3]. It is crucial for cybersecurity professionals to remain vigilant and proactive as these threats continue to evolve.
References
[1] https://blog.netmanageit.com/unraveling-tool-set-klogexe-and-fpspy/
[2] https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html
[3] https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/