Phishing, Threat Intelligence, Malware

Numerous backdoors deployed in new Kimsuky spear-phishing attacks

North Korean state-sponsored hacking operation Kimsuky has targeted organizations with new spear-phishing attacks that deploy several backdoors, including AppleSeed, TinyNuke, and Meterpreter, The Hacker News reports. Kimsuky has used the Windows-based backdoor AppleSeed, also known as JamBog, for further payload delivery and data exfiltration, and has leveraged the malware's Golang-based variant, AlphaSeed, in intrusions since October 2022, according to a report from the AhnLab Security Emergency Response Center (ASEC). "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no significant changes to the malware that are used together," said ASEC. Kimsuky has also used the TinyNuke malware, also known as Nuclear Bot, along with the TightVNC and Meterpreter backdoors, to hijack impacted systems. The findings follow a recent Nisos report detailing North Korean IT workers' use of fraudulent online profiles to seek U.S. employment and fund their country's illicit efforts.
