South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. The group has demonstrated impressive operational versatility and threat activity pluralism, engaging in malware distribution, phishing, data collection, and even cryptocurrency theft. The latest campaign, spotted by analysts at ASEC (AhnLab), uses xRAT in targeted attacks against South Korean entities. The campaign started on January 24, 2022, and is still ongoing.”]

