Kimsuky and Lazarus Deploy New Malware in Cyber Espionage

The Kimsuky group has been found using a new backdoor called HttpTroy, while the Lazarus Group has deployed an upgraded BLINDINGCAN RAT. Both campaigns show advanced obfuscation and persistence techniques, targeting victims in multiple regions. The Kimsuky attack used a phishing email with a VPN invoice lure, leading to a multi-stage infection. The Lazarus Group's attack, detected mid-chain, involved a new Comebacker variant and targeted two victims in a country.

Latest mentioned: 11-03

Earliest mentioned: 10-31

Sources

securityonline.info thehackernews.com gbhackers.com cybersum.net

Also Read

Operation SkyCloak: Stealthy Cyber Espionage Targets Military

Researchers at SEQRITE Labs have uncovered Operation SkyCloak, a sophisticated cyber espionage campaign targeting military personnel. The operation uses a multi-stage PowerShell-based intrusion chain for persistent, covert remote access within military and defense networks. SkyCloak stands out due to its unusual targeting pattern, focusing on multiple military units and utilizing Tor-based communication for anonymity. The campaign employs advanced evasion techniques, including anti-sandbox checks and obfuscated PowerShell execution, to maintain stealth.

11-03Read more →