North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Researchers at Gen Threat Labs have uncovered new toolsets used by North Korean threat actors, including Kimsuky’s HttpTroy backdoor and an upgraded Lazarus Group RAT. These sophisticated tools demonstrate ongoing investment in stealthy cyber espionage activities targeting global victims.

Key points

  • The Kimsuky group used a phishing attack with a ZIP file disguised as a VPN invoice to deploy HttpTroy.
  • HttpTroy employs layered obfuscation techniques, including runtime string reconstruction and encrypted communications.
  • Lazarus Group upgraded its BLINDINGCAN RAT with multi-layer encryption, expanding command capabilities.
  • Both groups focus on stealthy persistence, remote control, and data theft across South Korea and Canada.
  • The tools’ evolving complexity indicates DPRK threat actors are continually refining their cyber-espionage arsenals.

Read More: https://securityonline.info/north-korean-apts-upgrade-arsenal-kimsuky-uses-stealthy-httptroy-lazarus-deploys-new-blindingcan-rat/