Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine
Executive Summary
KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.
Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications
Executive Summary
An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).
Related Families: Dtrack, Dora RAT, TigerRAT, SmallTiger, LightHand, ValidAlpha
Verticals Targeted: Military, Defense, Engineering, Technology, Education, Construction, Manufacturing, Gambling, Energy
Executive Summary
Last week, the US Department of Justice (DOJ) indicted Rim Jong Hyok, an individual allegedly affiliated with Silent Chollima. The group has been active since at least 2014 and is known to conduct espionage operations on behalf of North Korea.
Related Families: Macma, Suzafk
Verticals Targeted: NGO
Executive Summary
Evasive Panda recently updated its arsenal to include new TTPs and updated versions of existing malware. They were also observed using a shared framework for malware targeting Windows, Linux, MacOS, and Android systems.
Executive Summary
Pakistan-based threat actor group Mythic Leopard was recently observed using new CapraRAT samples to expand their targeting.
Verticals Targeted: Government