Earth Kitsune, a cyber espionage group that targets individuals interested in North Korea, has been found deploying a new backdoor called WhiskerSpy in a social engineering campaign. The group has been active since 2019 and has previously used watering holes that leveraged browser exploits in Google Chrome and Internet Explorer to activate the infection chain.
The WhiskerSpy backdoor can delete, enumerate, download, and upload files, take screenshots, inject shellcode, and load arbitrary executables. Earth Kitsune continues to evolve its tools, tactics, and procedures.