Cisco Talos reported the discovery of MoonPeak, a remote access trojan linked to a North Korean hacker group, showcasing a significant evolution in cyber threat tactics.
One of the notable features of MoonPeak is its capability to load additional plugins and communicate with a command-and-control (C2) server, similar to its predecessor Xeno RAT.
As the campaign's infrastructure has evolved, the operators have moved from hosting malicious payloads on third-party cloud services to running dedicated servers of their own, indicating advanced strategic planning.
Researchers highlighted a key strategy of the threat actor involving the use of new infrastructure to update existing malware while continuing to evolve MoonPeak in response to security challenges.