Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing campaign attempts to spread a new brand of snooping malware

    GettyImages-543194863Danny Palmer at ZDNet had the scoop: "A cyber espionage campaign is targeting national security think tanks and academic institutions in the US in what's believed to be an intelligence gathering operation by a hacking group working out of North Korea.

    A series of spear-phishing attacks using fake emails with malicious attachments attempts to deliver a new family of malware, which researchers at Palo Alto Networks have identified and dubbed BabyShark. The campaign started in November and remained active at least into the new year.

    Among the known targets identified by researchers are an American university planning a conference around North Korea denuclearization and a research institute serving as a think tank around national security.

    The phishing emails are designed to look as if they've been sent by a security expert working as a consultant to national security thinks across the US and come with subjects referencing North Korean nuclear issues, as well as wider security subjects.

    As part of an intelligence-gathering campaign, the goal of the malware is to monitor the infected system and gather data.

    Analysis of BabyShark reveals connections to other suspected North Korean hacking campaigns Stolen Pencil and KimJongRAT. BabyShark is signed with the same stolen code signing certificate used in the Stolen Pencil campaign, with the two forms of malware the only two known to use it.

    Meanwhile, BabyShark and KimJongRAT use the same file path for storing collected information and those behind BabyShark appear to have tested samples of anti-virus detection alongside freshly compiled samples of KimJongRAT.

    The decoy files used in an attempt to deliver KimJongRAT, which also follow a very similar theme to the ones used in the BabyShark campaign, all relate to North Korea, nuclear deterrence and conferences on Asian affairs.

    All of that has led researchers to the conclusion that BabyShark is another North Korean hacking campaign — one which is attempting to keep a close eye on specially selected targets.

    "Well-crafted spear phishing emails and decoys suggest that the threat actor is well aware of the targets, and also closely monitors related community events to gather the latest intelligence," researchers said. Full Story: https://www.zdnet.com/article/phishing-campaign-attempts-to-spread-a-new-brand-of-snooping-malware

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews