KGH_SPY

Malware updated 6 months ago (2024-05-04T16:16:09.955Z)
Download STIX
Preview STIX
The KGH_SPY malware is a modular suite of tools used by threat actors for reconnaissance, keylogging, information stealing, and backdoor capabilities. Cybereason Nocturnus discovered this previously undocumented spyware which provides Kimsuky with stealth capabilities to carry out espionage operations. Furthermore, the researchers also found CSPY Downloader, a tool designed to evade analysis and download additional payloads. The downloader serves as an initial infection vector that facilitates the installation of the KGH_SPY suite. It uses an encrypted configuration file and employs several anti-analysis techniques to remain hidden from security systems. Overall, the KGH_SPY malware represents a significant threat to organizations, especially those targeted by state-sponsored actors. Its modular design and stealthy capabilities allow attackers to infiltrate targets, gather intelligence, and exfiltrate sensitive data without detection. Security teams should remain vigilant and use advanced threat detection solutions capable of identifying and mitigating such sophisticated threats.
Description last updated: 2023-06-23T18:33:31.705Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the KGH_SPY Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
MITRE
2 years ago