North Korean hackers shift to self-operated servers to deploy new malware family



News North Korean hackers shift to self-operated servers to deploy new malware family Cybercriminals’ use of server linked to Russian intelligence signals greater bilateral cyber cooperation, expert says Shreyas Reddy August 22, 2024 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON An illustration of a server network \| Image: NK Pro A North Korea-linked threat actor has deployed a new malware family and shifted from using legitimate cloud-based servers to operating its own infrastructure, according to a U.S. cybersecurity firm. The new remote access trojan (RAT) appears to be a modified version of the open-source XenoRAT malware previously linked to North Korean phishing operations, Cisco Talos said in a report published on Wednesday, dubbing the new malware family “MoonPeak.” XenoRAT has multiple functions, including allowing attackers to remotely load additional malicious payloads, launch and terminate processes and access the victim’s microphone. Talos Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01How long-range strikes on Russia could impact North Korean troop deployments 02How North Korean hackers and IT workers collude to cause chaos 03What pro-Trump think tanks reveal about his likely North Korea policy priorities 04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 05All the question marks hanging over Trump’s approach to North Korea in term two 06Time almost up for North Korea’s plan to launch 3 military satellites in 2024 07Trump return rekindles prospects of North Korea talks, but Russia stands in way 08How China could benefit from North Korea’s troop deployment to Ukraine

News

North Korean hackers shift to self-operated servers to deploy new malware family

Cybercriminals’ use of server linked to Russian intelligence signals greater bilateral cyber cooperation, expert says

Shreyas Reddy August 22, 2024

North Korean hackers shift to self-operated servers to deploy new malware family

An illustration of a server network | Image: NK Pro

A North Korea-linked threat actor has deployed a new malware family and shifted from using legitimate cloud-based servers to operating its own infrastructure, according to a U.S. cybersecurity firm.

The new remote access trojan (RAT) appears to be a modified version of the open-source XenoRAT malware previously linked to North Korean phishing operations, Cisco Talos said in a report published on Wednesday, dubbing the new malware family “MoonPeak.”

XenoRAT has multiple functions, including allowing attackers to remotely load additional malicious payloads, launch and terminate processes and access the victim’s microphone.

Talos

01How long-range strikes on Russia could impact North Korean troop deployments
02How North Korean hackers and IT workers collude to cause chaos
03What pro-Trump think tanks reveal about his likely North Korea policy priorities
04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
05All the question marks hanging over Trump’s approach to North Korea in term two
06Time almost up for North Korea’s plan to launch 3 military satellites in 2024
07Trump return rekindles prospects of North Korea talks, but Russia stands in way
08How China could benefit from North Korea’s troop deployment to Ukraine

North Korean hackers shift to self-operated servers to deploy new malware family

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy