North Korean actors connected to nation-state hacking group Kimsuky have targeted machines using spear-phishing attacks, delivering backdoors like AppleSeed, Meterpreter, and TinyNuke. South Korean cybersecurity firm AhnLab reported these actors used similar methods for years without significant changes to their malware. Kimsuky has been active for over a decade, initially focusing on South Korea before widening its scope. It uses espionage campaigns involving spear-phishing attacks with malicious documents, which then deploy varying malware forms.

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The Russian cybercrime group FIN7 is linked to a Python-based backdoor named Anubis, providing them remote access to compromised Windows systems, says Swiss cybersecurity firm