
Kimsuky HttpTroy backdoor activity against South Korean users

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary


Kimsuky has deployed the HttpTroy backdoor against South Korean users, expanding a multi-stage infection chain that is designed to evade detection. The malware gives operators full access to infected systems, including file movement, screenshots, and command execution. The activity matters because the tool also improves stealth through encrypted communications, payload obfuscation, and in-memory execution. The delivery chain uses a ZIP archive and a .scr file to launch the backdoor after user interaction.

Related Happenings

UAT-10027 U.S. education and healthcare targeting campaign

Campaign
First: 26.02.2026 17:17 Last: 26.02.2026 17:17 Sources 1

About this happening: **UAT-10027** is running an active **campaign** against **U.S. education and healthcare organizations**, and the activity matters because it delivers a new backdoor and supporting...

MgBot backdoor delivery and injection via secondary loader

Malware Activity
First: 26.12.2025 16:44 Last: 26.12.2025 16:44 Sources 1

About this happening: The **MgBot** backdoor was delivered through a **secondary loader** and injected into **svchost.exe**, giving operators a stealthy foothold on infected systems. The payload suppor...

NosyDoor backdoor activity using OneDrive and Google Drive C&C

Malware Activity
First: 18.12.2025 19:34 Last: 18.12.2025 19:34 Sources 1

About this happening: The **NosyDoor** backdoor is being used to **exfiltrate files** and run **shell commands** inside compromised networks, making the **LongNosedGoblin** toolset more dangerous. The...

UDPGangster backdoor deployed by MuddyWater

Malware Activity
First: 08.12.2025 08:46 Last: 08.12.2025 08:46 Sources 1

About this happening: The **MuddyWater** group has deployed **UDPGangster**, a new backdoor that uses **UDP C2** to control compromised systems and expand post-compromise access. The malware can **exec...

EdgeStepper-LittleDaemon-SlowStepper software-update malware delivery chain

Malware Activity
First: 19.11.2025 12:00 Last: 19.11.2025 12:00 Sources 1

About this happening: The **EdgeStepper** malware chain is **hijacking software-update traffic** to deliver **LittleDaemon** on **Windows**, creating a path to deploy **SlowStepper** on targeted system...

Timeline

  1. 05.11.2025 04:00 2 articles · 6mo ago

    Kimsuky deploys HttpTroy backdoor against South Korean users

    Initial Disclosure

    North Korean threat group Kimsuky deploys HttpTroy as the final stage of a multi-step infection chain against South Korean users, using a ZIP archive with a Microsoft Windows screensaver (.scr) file and the MemLoad loader to launch a backdoor that can move files, take screenshots, and execute commands while encrypting communications, obfuscating payloads, and running code in memory.
