Kaspersky cybersecurity experts: Victims navigate to a URL pointing to a ZIP archive with 2 files: a decoy document and a malicious LNK that leads to malware infection.
Volexity cybersecurity experts: The North Korean APT uses a fake trading website that mimics a legitimate one, and DLL side-loading to distribute the malware.
The APT exploited the Log4Shell vulnerability, installed XMRig, moved laterally to the domain controller (DC), compromised credentials, and implanted Ngrok reverse proxies.
CERT-UA cybersecurity experts: A "Free primary legal aid" email and a password-protected archive, "Algorithm of actions of members of the family of a missing serviceman LegalAid.rar", spread the malware.
Cleafy cybersecurity experts: Threat actors behind the malware now target a specific financial institution at a time, and change their focus only once the victim starts to implement countermeasures.
Sentinel Labs cybersecurity experts: The pro-China APT seeks initial access via document lures with porn themes and makes heavy use of USB shortcut techniques to spread malware.
Stairwell cybersecurity experts: The new North Korean malware spread via messages sent from the personal email of a former director of South Korea’s National Intelligence Service (NIS).