Today > 2 Critical | 6 High | 8 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Sept. 27, 2024, 5:47 p.m.

Description

Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsenal. Both malware samples share code similarities and utilize sophisticated techniques for data exfiltration and command execution. The research highlights Sparkling Pisces' continuous evolution, expanding infrastructure, and targeting of South Korean and Japanese entities. The discovery enhances understanding of the group's tactics and provides insights for better defense against such threats.

Date

Published: Sept. 26, 2024, 4:15 p.m.

Created: Sept. 26, 2024, 4:15 p.m.

Modified: Sept. 27, 2024, 5:47 p.m.

Attack Patterns

KLogEXE

FPSpy

Sparkling Pisces

T1074

T1059.001

T1056.001

T1113

T1082

T1057

T1105

T1083

T1020

T1140

T1132

T1027

Additional Informations

Technology

Government

Japan