Sep 26, 2024 | Ravie Lakshmanan | Cyber Attack / Malware
Threat actors linked to North Korea have been observed using two new malware strains, KLogEXE and FPSpy.
These activities have been attributed to the Kimsuky adversary, known for its spear phishing tactics and evolving capabilities.
According to researchers at Palo Alto Networks Unit 42, “These samples enhance Sparkling Pisces’ already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities.”
Unit 42’s analysis uncovered two new portable executables, KLogEXE and FPSpy, within Sparkling Pisces’ infrastructure.
KLogEXE, a C++ keylogger, and FPSpy, a backdoor variant, are used to gather sensitive data and execute malicious commands on compromised systems.
The malware strains are capable of collecting sensitive information, monitoring activities, and running arbitrary commands on infected machines.
Researchers also noted similarities in the source code of the two malware strains, indicating a high likelihood that they share the same author.
“Most targets observed originated from South Korea and Japan, aligning with previous Kimsuky targeting,” the researchers stated.