North Korea-based backdoor packs a punch
This report analyzes a new threat campaign, discovered in late May, that uses multiple layers and ultimately delivers a previously undocumented backdoor. The campaign specifically targets aerospace and defense companies, sectors of particular interest to North Korean threat groups. The backdoors analyzed are simple yet powerful tools that employ various obfuscation techniques and offer capabilities such as reconnaissance, data collection and remote control. While attribution is made with low confidence to the Kimsuky threat group, there are indications that multiple developers may be involved, including the possible outsourcing of some malware development.