Home Security North Korea’s APT37 Focusing on Southern Counterpart with New M2RAT Malware

North Korea’s APT37 Focusing on Southern Counterpart with New M2RAT Malware

by crpt os


Feb 15, 2023Ravie LakshmananThreat Intelligence / Malware

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group’s features and tactics.

APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea’s Ministry of State Security (MSS) unlike the Lazarus and Kimsuky threat clusters that are part of the Reconnaissance General Bureau (RGB).

According to Google-owned Mandiant, MSS is tasked with “domestic counterespionage and overseas counterintelligence activities,” with APT37’s attack campaigns reflective of the agency’s priorities. The operations have historically singled out individuals such as defectors and human rights activists.

“APT37’s assessed primary mission is covert intelligence gathering in support of DPRK’s strategic military, political, and economic interests,” the threat intelligence firm said.

The threat actor is known to rely on customized tools such as Chinotto, RokRat, BLUELIGHT, GOLDBACKDOOR, and Dolphin to harvest sensitive information from compromised hosts.

North Korea

“The main feature of this RedEyes Group attack case is that it used a Hangul EPS vulnerability and used steganography techniques to distribute malicious codes,” AhnLab Security Emergency response Center (ASEC) said in a report published Tuesday.

The infection chain observed in January 2023 commences with a decoy Hangul document, which exploits a now-patched flaw in the word processing software (CVE-2017-8291) to trigger shellcode that downloads an image from a remote server.

The JPEG file uses steganographic techniques to conceal a portable executable that, when launched, downloads the M2RAT implant and injects it into the legitimate explorer.exe process.

While persistence is achieved by means of a Windows Registry modification, M2RAT functions as a backdoor capable of keylogging, screen capture, process execution, and information theft. Like Dolphin, it’s also designed to siphon data from removable disks and connected smartphones.

“These APT attacks are very difficult to defend against, and the RedEyes group in particular is known to primarily target individuals, so it can be difficult for non-corporate individuals to even recognize the damage,” ASEC said.

This is not the first time CVE-2017-8291 has been weaponized by North Korean threat actors. In late 2017, the Lazarus Group was observed targeting South Korean cryptocurrency exchanges and users to deploy Destover malware, according to Recorded Future.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex