[Webinar] Unveiling the Dark Web: Protecting Your Business from Hidden Threats

Another CloudDragon attack abusing VPN zero-day vulnerability to target South Korean entities

2021.07.01TeamT5 Media Center
The North Korean APT group CloudDragon, also known as Kimsuky, continues to target South Korean governments and organizations. TeamT5 has been actively monitoring this threat actor and we recently discovered CloudDragon abusing VPN zero-day vulnerability to launch a new attack against South Korean entities.

TeamT5's Vulnerability Research Results

TeamT5 recently discovered two malicious samples circulating in South Korea, and both samples are installers of a newly identified backdoor which we named MemzipRAT. With further investigation, we believe this attack was aiming at a South Korean company in the aerospace sector. The company is part of a top 10 conglomerate in South Korea, whose business includes aerospace, chemicals, financial services, IT, etc.
In fact, CloudDragon has been accused of using VPN vulnerabilities to attack numerous entities recently, including Korean government agencies. According to TeamT5’s threat intelligence, we hold high confidence that the above malware to be follow-up attacks of the disclosed attack campaign conducted by CloudDragon. As the exploitation starts from a popular VPN system, these campaigns might lead to massive attacks and damage in the near future. And TeamT5 will keep taking careful attention to CloudDragon's recent campaign for it might end up a severe supply chain attack.

*Image courtesy of Pixabay
2021.07.01TeamT5 Media Center

Related Post

Threat Intelligence

CloudDragon's Campaign: VPN Zero-day Vulnerability + New Backdoor

supply chain attack, cyber espionage, CloudDragon, cyber threat intelligence, threat hunting
We use cookies to provide you with the best user experience. By continuing to use this website, you agree to ourPrivacy & Cookies Policy.