The North Korean cyber espionage hacking group APT37, also known as 'RedEyes' or 'ScarCruft,' is using a new evasive malware strain called 'M2RAT' to target individuals for intelligence collection.

In a new report released today by AhnLab Security Emergency response Center (ASEC), researchers explain how the threat actors are using a malicious attachment in phishing emails to exploit an old EPS vulnerability (CVE-2017-8291) in the Hangul word processor commonly used in South Korea.

The exploit triggers shellcode to run on a victim's computer that downloads and executes a malicious executable stored within a JPEG image.

The M2RAT backdoor acts as a basic remote access trojan that performs keylogging, data theft, command execution, and the taking of screenshots from the desktop.

It also has the ability to scan for portable devices connected to the Windows computer, such as smartphones or tablets, and copy any documents and voice recording files found to the PC for exfiltration to the attacker's server.

The malware uses a shared memory section for command and control (C2) communication, data exfiltration, and the direct transfer of stolen data to the C2 without storing them in the compromised system. According to ASEC, this makes analysis harder, as security researchers have to analyze the memory of infected devices to retrieve the commands and data used by the malware.

"APT37 continues to refresh its custom toolset with evasive malware that is challenging to detect and analyze," said ASEC. "This is especially true when the targets are individuals, like in the recent campaign spotted by ASEC, who lack larger organizations' sophisticated threat detection tools."