Russian security firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea. This new cyber espionage campaign, dubbed Kimsuky, has targeted several South Korean think tanks. The researchers identified 10 IP addresses indicating that the attackers used networks in China’s Jilin and Liaoning provinces. The malware does not include a custom back door; instead, the attackers modified a TeamViewer client to serve as a remote control module. Bot agents communicate with the C&C through a Bulgarian web-based free email server (mail.bg), using hard-coded credentials for the malware's e-mail account. After authenticating, the malware sends emails to another specified email address and reads emails from the Inbox.
Source: https://thehackernews.com/2013/09/Kimsuky-malware-Cyber-Espionage-campaign-South-Korea.html