Researchers at Palo Alto Networks' Unit 42 have documented new activity by the Kimsuky group, including two previously undocumented malware samples, KLogEXE and FPSpy. The researchers assess that these tools extend the group's capabilities and show how its tooling continues to develop.
Active since 2012, Kimsuky, also tracked as APT43, Archipelago, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, and Velvet Chollima, specializes in targeted spear-phishing campaigns in which malicious emails are made to appear as if they come from trusted senders.
According to Assaf Dahan, director of threat research at Palo Alto Networks, the new malware is primarily delivered through phishing. The attackers craft convincing emails that prompt the victim to open a ZIP archive containing hidden malicious files. Once those files are launched, an infection chain is triggered that ends with the installation of KLogEXE or FPSpy.
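One defensive check that the delivery method above suggests, written here as an added example and not tooling from Unit 42 or from the original article: a small triage routine that inspects an email's ZIP attachment for executable content hidden behind a document-looking name. It judges entries by content (the PE "MZ" magic), by extension tricks (double extensions, whitespace padding), and by the MS-DOS hidden attribute stored in the archive. The archive it examines is constructed inline; the file names and the extension lists are illustrative assumptions, not indicators from the reported campaign.

```python
from __future__ import annotations

import io
import os
import zipfile

# Extensions Windows executes or interprets on double-click (illustrative list, an assumption).
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".hta", ".lnk", ".dll", ".ps1"}
# Extensions a lure typically imitates (illustrative list, an assumption).
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".hwp", ".txt"}
DOS_HIDDEN = 0x02  # MS-DOS hidden attribute bit, kept in the low byte of external_attr


def build_sample_archive() -> bytes:
    """Constructed sample attachment, not a real Kimsuky ZIP: one benign-looking
    document and one hidden PE executable behind a whitespace-padded double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 placeholder")  # constructed content
        info = zipfile.ZipInfo("report.pdf                    .exe")
        info.external_attr = DOS_HIDDEN  # marked hidden so Explorer will not list it
        zf.writestr(info, b"MZ" + b"\x00" * 62)  # PE magic followed by constructed padding
    return buf.getvalue()


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive entry that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            name = info.filename.lower()
            stem, ext = os.path.splitext(name)

            # Judge by content, not by name: PE files start with "MZ".
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("PE executable by magic bytes")

            if ext in EXEC_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
                inner_ext = os.path.splitext(stem.rstrip())[1]
                if inner_ext in DOC_EXTENSIONS:
                    reasons.append(f"document-looking double extension {inner_ext}{ext}")
                if stem != stem.rstrip():
                    reasons.append("whitespace padding hides the real extension")

            if info.external_attr & DOS_HIDDEN:
                reasons.append("DOS hidden attribute set")

            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_zip(build_sample_archive()):
        print(finding["name"].strip(), "->", "; ".join(finding["reasons"]))
```

The content check matters more than the name checks: renaming a PE to `.pdf` defeats the extension logic but not the magic-byte test, while a script or LNK dropper has no "MZ" header and is caught only by the extension rules, which is why both are kept.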
KLogEXE is a C++ version of the InfoKey keylogger previously identified in a Kimsuky campaign against Japanese organizations. FPSpy, in turn, is a backdoor variant: it descends from a backdoor first disclosed by ASEC in 2022, which itself resembles the KGH_SPY malware reported in 2020.
Both strains can collect information about the applications running on an infected host, intercept keystrokes and mouse clicks, and gather system information. FPSpy can additionally download further modules, execute arbitrary commands, and enumerate the drives, folders, and files on the infected device.
Unit 42 researchers identified similarities in the source code of KLogEXE and FPSpy, suggesting a shared development lineage. The current campaign primarily targets organizations in Japan and South Korea; Dahan notes that the activity is highly targeted and affects a limited number of countries and industries.
The continued evolution of groups like Kimsuky underscores the need for ongoing training and for defenses that adapt with the threat. As in nature, where predators and prey evolve together, attackers and defenders in the digital space are locked in a constant race. Organizations that recognize this dynamic and invest in both skills and protective technology are the ones best placed to stay secure.