APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Earth Kitsune, an advanced persistent threat (APT) actor known for targeting individuals interested in North Korea, also China, Brazil, and Japan and has been found to be using a new backdoor called “WhiskerSpy” in a recent campaign. The group used a social engineering tactic in a watering hole attack, luring visitors to a pro-North Korean website with a fake error message and offering a trojanized codec installer that loaded the WhiskerSpy backdoor on their systems.