February 2023 Threat Trend Report on Kimsuky Group

Overview

The Kimsuky group’s activities in February 2023 were markedly more significant than in January. Many new malware types were discovered, including a variant of FlowerPower that stole information stored in browsers via the GitHub API, a DLL version of xRAT, and a new type of RAT called TutRAT.

The number of fully qualified domain names (FQDNs) tripled compared to the previous month; most of them were of the FlowerPower, Random Query, and AppleSeed types. There was also an actual attack targeting a university professor, and details of it have been shared on the ASEC Blog.

Attack Statistics

Compared to the number of FQDNs in the January 2023 Threat Trend Report on Kimsuky Group, published on March 3, 2023, the number of FQDNs for all attack types increased threefold. The most commonly detected types were FlowerPower, Random Query, and AppleSeed, in that order.


The post February 2023 Threat Trend Report on Kimsuky Group appeared first on ASEC BLOG.

Article Link: https://asec.ahnlab.com/en/51469/