Recent findings show that Kimsuky deployed a backdoor tracked as HttpTroy, while Lazarus introduced a new variant of BLINDINGCAN; both illustrate the technical sophistication and continued evolution of these state-sponsored operations. Kimsuky's campaign targeted a South Korean victim with a social-engineering lure delivered as a disguised ZIP archive, while Lazarus targeted two Canadian entities and used complex methods to establish persistence.
The Kimsuky operation uses a three-stage infection chain that begins with a Go-based dropper posing as a legitimate invoice. It establishes backdoor access through registry modifications and scheduled tasks disguised as antivirus updates. HttpTroy gives the operators extensive control over an infected system, including file manipulation and command execution.
Both operations show meticulous planning and execution, combining advanced obfuscation with dynamic communication protocols to evade traditional security controls. This reflects a clear understanding of modern defences and of the need to adapt tradecraft to the evolving security landscape.
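The persistence mechanism described above, a scheduled task or Run-key entry named to look like an antivirus update, is something defenders can hunt for. The following is an added example written for this page, not code from the article, from Kimsuky's tooling, or from any vendor: it parses Task Scheduler XML exports and Run-key values and flags AV-themed entries whose program lives in a user-writable directory, and it also covers the more general case of a script host launching a payload from such a path. The task names, paths, regular expressions and sample data are constructed for illustration, not indicators from the reported campaign.

```python
"""Hunt for persistence entries masquerading as antivirus/update jobs.

Added example, not code from the article or from either threat actor.
Parses Task Scheduler XML (the format `schtasks /query /xml` emits) and
Run-key values; all names, paths and heuristics below are constructed.
"""
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Words a fake "antivirus update" job tends to borrow (constructed heuristic).
AV_THEMED = re.compile(r"antivirus|defender|security|update|scan|protect", re.I)
# Directories an unprivileged user can write to; vendor updaters are not
# installed here, so an AV-themed job launching from one deserves a look.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|tmp|public|downloads)\\|%(appdata|localappdata|temp|tmp|public)%",
    re.I,
)
# Script hosts / LOLBins that turn a benign-looking action into a loader.
SCRIPT_HOSTS = re.compile(
    r"(^|\\)(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|certutil)(\.exe)?$",
    re.I,
)


def _assess(name, command, arguments):
    """Return the reasons an entry looks like masqueraded persistence ([] if clean)."""
    reasons = []
    cmd = (command or "").strip().strip('"')
    if AV_THEMED.search(name or "") and USER_WRITABLE.search(cmd):
        reasons.append("AV/update-themed name launches a program from a user-writable path")
    if SCRIPT_HOSTS.search(cmd) and USER_WRITABLE.search(arguments or ""):
        reasons.append("script host launches a payload from a user-writable path")
    return reasons


def assess_task_xml(xml_text):
    """Parse one exported task and assess every <Exec> action in it."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=TASK_NS)
    desc = root.findtext("t:RegistrationInfo/t:Description", default="", namespaces=TASK_NS)
    findings = []
    for action in root.findall("t:Actions/t:Exec", TASK_NS):
        command = action.findtext("t:Command", default="", namespaces=TASK_NS)
        args = action.findtext("t:Arguments", default="", namespaces=TASK_NS)
        reasons = _assess(uri + " " + desc, command, args)
        if reasons:
            findings.append({"source": "task", "name": uri, "command": command, "reasons": reasons})
    return findings


def assess_run_value(value_name, value_data):
    """Assess one value under a ...\\CurrentVersion\\Run key (name -> command line)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', value_data)
    command = (m.group(1) or m.group(2)) if m else value_data
    args = m.group(3) if m else ""
    reasons = _assess(value_name, command, args)
    if not reasons:
        return []
    return [{"source": "run-key", "name": value_name, "command": command, "reasons": reasons}]


def hunt(task_xmls, run_values):
    """Run both assessments and return the combined list of findings."""
    findings = []
    for xml_text in task_xmls:
        findings.extend(assess_task_xml(xml_text))
    for name, data in run_values:
        findings.extend(assess_run_value(name, data))
    return findings


# Constructed sample inputs resembling task exports and Run-key values.
SAMPLE_TASKS = [
    # Fake "antivirus update" task whose binary was dropped under %APPDATA%.
    r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\AntivirusUpdateService</URI>
    <Description>Keeps antivirus signatures up to date</Description></RegistrationInfo>
  <Actions><Exec><Command>C:\Users\victim\AppData\Roaming\Security\avupdate.exe</Command>
    <Arguments>-silent</Arguments></Exec></Actions>
</Task>""",
    # Innocuous name, but a script host fed a payload from %TEMP%.
    r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\OneDrive Sync</URI></RegistrationInfo>
  <Actions><Exec><Command>C:\Windows\System32\wscript.exe</Command>
    <Arguments>//B "C:\Users\victim\AppData\Local\Temp\sync.vbs"</Arguments></Exec></Actions>
</Task>""",
    # Genuine vendor scan task: AV-themed name, but it runs from Program Files.
    r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan</URI></RegistrationInfo>
  <Actions><Exec><Command>C:\Program Files\Windows Defender\MpCmdRun.exe</Command>
    <Arguments>Scan -ScheduleJob</Arguments></Exec></Actions>
</Task>""",
]
SAMPLE_RUN_VALUES = [
    ("SecurityHealth", r'"C:\Windows\System32\SecurityHealthSystray.exe"'),
    ("AVUpdater", r'"C:\Users\victim\AppData\Local\Temp\avupd.exe" /background'),
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_TASKS, SAMPLE_RUN_VALUES):
        print(f"[{f['source']}] {f['name']} -> {f['command']}: {'; '.join(f['reasons'])}")
```

Feed it one XML document per task from `schtasks /query /xml` and the values of the HKCU and HKLM `...\CurrentVersion\Run` keys; on the sample data it reports one hit of each kind and leaves the genuine vendor task and the System32 Run value alone. The heuristic is a triage aid, not a verdict: confirm a hit by checking the binary's signature and hash before acting on it.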
👉 Read the original: Cyber Security News