The Cybereason Nocturnus Team has identified a new modular spyware suite dubbed KGH_SPY and a new malware strain dubbed CSPY Downloader. Both are being employed in attacks by the cyber espionage group Kimsuky, which is believed to be operating on behalf of the North Korean regime. This APT group has been observed targeting a wide array of victims, including public and private sector companies in the U.S., Europe, Japan, South Korea, and Russia.
The target organizations include pharmaceutical and research companies working on COVID-19 therapies, government and defense organizations, journalists, and various human rights groups.
Disable macros and install an endpoint protection solution to help mitigate similar attacks.
Consider social engineering awareness and training, which are key in preventing such attacks.
Proactively hunt in your environment on a periodic basis for potential attacks on sensitive assets.
We highly recommend every customer enable the following features: