Cisco Talos researchers identified a new threat from a North Korea-linked APT group known as Kimsuky, which deployed a remote access trojan (RAT) called MoonPeak. Although the specific targets have not been publicly disclosed, the RAT, which evolved from XenoRAT, suggests a highly sophisticated espionage campaign. This could potentially lead to significant data breaches, intellectual property theft, and security compromise. The involvement of a nation-state actor and the continuous development of MoonPeak imply the possibility of critical impacts on infrastructure and geopolitical stability.
Source: https://securityaffairs.com/167340/malware/north-korea-apt-moonpeaknorth.html
TPRM report: https://scoringcyber.rankiteo.com/company/cisco-talos-intelligence-group
"id": "cis001082924",
"linkid": "cisco-talos-intelligence-group",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'attack_vector': 'Remote Access Trojan (RAT)',
 'data_breach': {'type_of_data_compromised': ['Intellectual Property']},
 'description': 'Cisco Talos researchers identified a new threat by a North '
                'Korea-linked APT group known as Kimsuky, which deployed a '
                'remote access trojan called MoonPeak. Although the specific '
                'targets have not been publicly disclosed, the RAT, evolved '
                'from XenoRAT, suggests a highly sophisticated espionage '
                'campaign. This could potentially lead to significant data '
                'breaches, intellectual property theft, and security '
                'compromise. The involvement of a nation-state actor and the '
                'continuous development of MoonPeak imply the possibility of '
                'critical impacts on infrastructure and geopolitical '
                'stability.',
 'impact': {'data_compromised': ['Data Breaches',
                                 'Intellectual Property Theft']},
 'motivation': 'Espionage',
 'threat_actor': 'Kimsuky',
 'title': 'Kimsuky APT Group Deploys MoonPeak RAT',
 'type': 'Espionage Campaign'}