"New MoonPeak RAT Linked to North Korean Threat Group UAT-5394"

"MoonPeak," a newly discovered Remote Access Trojan (RAT) family, has been linked to the North Korean threat group "UAT-5394." Cisco Talos research shows that this sophisticated malware, based on the open source "XenoRAT," is actively being developed to avoid detection and improve functionality. UAT-5394 shares tactics, techniques, and procedures (TTPs) with the North Korean state-sponsored group "Kimsuky." There is no conclusive technical evidence that links UAT-5394 directly to Kimsuky, but the overlapping operational patterns make it likely that UAT-5394 is either a subgroup within Kimsuky or a separate entity inspired by Kimsuky. This article continues to discuss findings regarding the MoonPeak RAT and the group linked to it.

Infosecurity Magazine reports "New MoonPeak RAT Linked to North Korean Threat Group UAT-5394"

Submitted by grigby1

Submitted by Gregory Rigby on