New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

A North Korea-linked threat actor, Kimsuky, has deployed a new backdoor named HttpTroy in a targeted cyberattack on South Korea, masquerading as a VPN invoice to deliver malware. Simultaneously, the Lazarus Group attacked two victims in Canada, deploying Comebacker and an upgraded BLINDINGCAN remote access trojan, showcasing the evolving sophistication of DPRK-linked actors.