Attacks using the new VeilShell remote access trojan have been launched against Cambodia and other countries in Southeast Asia as part of the SHROUDED#SLEEP campaign, which is suspected to be the work of the North Korean state-sponsored group APT37 (also tracked as InkySquid, ScarCruft, Ruby Sleet, Ricochet Chollima, RedEyes, and Reaper), The Hacker News reports.
APT37 likely delivered the lure by spear-phishing email as a ZIP archive containing an LNK file. When the shortcut is opened it runs embedded PowerShell code; that code carries a DLL, and the DLL in turn retrieves VeilShell, according to a Securonix report that describes the campaign as "methodical". Beyond collecting file information and compressing folders, VeilShell can download, rename, and delete files and extract ZIP archives. "The [VeilShell] backdoor trojan allows the attacker full access to the compromised machine. Some features include data exfiltration, registry, and scheduled task creation or manipulation," said researchers.
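The chain described above starts with a shortcut inside a ZIP attachment, so the first triage question for a defender is what the .lnk actually runs. The Python below is an added example (not code from Securonix, The Hacker News, or the campaign) that walks a ZIP, parses each .lnk's StringData according to the MS-SHLLINK layout, and flags shortcuts that launch PowerShell or another interpreter, that pass window-hiding or policy-bypass arguments, or that are far larger than a genuine shortcut. The archive, member names, command line, and the 64 KB size threshold are constructed for the demo and are not indicators from the campaign.

```python
import io
import struct
import zipfile

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags (MS-SHLLINK 2.1.1): which optional structures follow the 76-byte header
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields appear in this order when their flag bit is set (MS-SHLLINK 2.4)
STRING_DATA_ORDER = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                     (0x20, "arguments"), (0x40, "icon_location"))

INTERPRETERS = ("powershell", "pwsh", "cmd.exe")
EVASIVE_ARGS = ("-w hidden", "-windowstyle hidden", "-ep bypass", "-executionpolicy bypass",
                "-enc", "iex", "downloadstring")
LARGE_LNK_BYTES = 64 * 1024  # heuristic (assumption): genuine shortcuts are a few KB; embedded payloads inflate them


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link and how many bytes follow them."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("missing ShellLinkHeader size/CLSID")
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:            # skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfo carries its own total size
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_DATA_ORDER:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
        pos += width * count
    fields["trailing_bytes"] = len(data) - pos     # ExtraData plus anything appended after it
    return fields


def triage_zip(zip_bytes: bytes) -> list:
    """Flag .lnk members that launch a shell interpreter, use evasive arguments, or are oversized."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            data = zf.read(info)
            try:
                lnk = parse_lnk(data)
            except ValueError as exc:
                findings.append({"member": info.filename, "reasons": [f"unparseable: {exc}"]})
                continue
            cmdline = f"{lnk.get('relative_path', '')} {lnk.get('arguments', '')}".lower()
            reasons = []
            if any(i in cmdline for i in INTERPRETERS):
                reasons.append("shortcut launches a shell interpreter")
            if any(a in cmdline for a in EVASIVE_ARGS):
                reasons.append("evasive PowerShell arguments")
            if len(data) > LARGE_LNK_BYTES:
                reasons.append(f"oversized shortcut: {len(data)} bytes, "
                               f"{lnk['trailing_bytes']} after StringData")
            if reasons:
                findings.append({"member": info.filename, "target": lnk.get("relative_path"),
                                 "arguments": lnk.get("arguments"), "reasons": reasons})
    return findings


def build_lnk(relative_path: str, arguments: str, appended: bytes = b"") -> bytes:
    """Test fixture: minimal Unicode .lnk carrying RELATIVE_PATH and COMMAND_LINE_ARGUMENTS."""
    flags = 0x08 | 0x20 | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0,   # FILE_ATTRIBUTE_ARCHIVE, three FILETIMEs, FileSize, IconIndex
                         7, 0, 0, 0, 0)         # ShowCommand=SW_SHOWMINNOACTIVE, HotKey, Reserved1..3
    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + string_data(relative_path) + string_data(arguments) + struct.pack("<I", 0) + appended


def build_sample_zip() -> bytes:
    """Constructed attachment (not a campaign artefact): a document-looking lure plus benign members."""
    lure = build_lnk(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     '-w hidden -ep bypass -c "<hypothetical loader command>"',
                     appended=b"\x00" * (80 * 1024))   # stands in for an embedded second stage
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice.pdf.lnk", lure)
        zf.writestr("Notes.lnk", build_lnk(r"..\Documents\notes.txt", ""))
        zf.writestr("readme.txt", "benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Running the block flags only Invoice.pdf.lnk, with all three reasons. Caveat before relying on it: real malicious shortcuts frequently carry the target only in the LinkTargetIDList or LinkInfo structures, which this parser skips over rather than decodes, so extend it to those structures (or pair it with a full parser such as LECmd), and treat the size heuristic as a prompt to carve and inspect the trailing bytes rather than as a verdict.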