North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials - Related to british, breach,, korean, microsoft, details
British engineering firm IMI discloses breach, shares no details
British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the enterprise's systems.
IMI is a global engineering group with manufacturing facilities in 18 countries, focused on precision fluid engineering and providing services in the process and industrial automation, climate control, life science, and transport sectors.
Listed on the London Stock Exchange since 1966, it is included in the FTSE100 Index (the United Kingdom's best-known stock market index) and employs around 10,000 people in over 50 countries across three divisions (IMI Hydronic, Norgren, and IMI Critical).
In a statement today, the organization mentioned it hired cybersecurity experts to investigate the incident's impact after detecting "unauthorised access" to its systems.
"As soon as IMI became aware of the unauthorised access, the corporation engaged external cyber security experts to investigate and contain the incident," IMI added in a filing with the London Stock Exchange.
"In parallel, the organization is taking the necessary steps to comply with our regulatory obligations. An enhancement will be provided as and when appropriate."
An IMI spokesperson declined to comment when asked by BleepingComputer provide more details about the attack, such as the date it was detected, whether it impacted its operations, and whether the threat actors stole organization or customer information from compromised systems.
In a similar statement issued last week, London-based engineering giant Smiths Group also disclosed a breach after its systems were compromised. Like IMI, it has yet to share whether business or customer data was stolen during the incident and when the breach was detected.
Earlier this month, American business services firm and government contractor Conduent confirmed that a recent outage was caused by a "cyber security incident," and Hewlett Packard Enterprise (HPE) revealed that it was investigating breach asserts after a threat actor revealed they stole documents from the corporation's developer environments.
[website] domain registry Nominet has also confirmed that its network was breached in early January using an Ivanti VPN zero-day vulnerability, exploited in attacks linked to a suspected China-linked espionage group tracked as UNC5337.
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybers......
Ransomware attacks netted cybercrime groups a total of $[website] million in 2024, a decline from $[website] billion in 2023.
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels......
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, (ASEC).
The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.
Opening this attachment triggers the execution of PowerShell or [website], a legitimate Microsoft binary designed to run HTML Application (HTA) files, that are responsible for downloading and running next-stage payloads from an external source.
The South Korean cybersecurity firm mentioned the attacks culminated in the deployment of a known trojan dubbed PEBBLEDASH and a custom version of an open-source Remote Desktop utility named RDP Wrapper.
Also delivered as part of the attacks is a proxy malware that allows the threat actors to establish persistent communications with an external network via RDP.
Furthermore, Kimsuky has been observed using a PowerShell-based keylogger to record keystrokes and a new stealer malware codenamed forceCopy that's used to copy files stored in web browser-related directories.
"All of the paths where the malware is installed are web browser installation paths," ASEC mentioned. "It is assumed that the threat actor is attempting to bypass restrictions in a specific environment and steal the configuration files of the web browsers where credentials are stored."
The use of tools RDP Wrapper and proxies to commandeer infected hosts points to tactical shift for Kimsuky, which has historically leveraged bespoke backdoors for this purpose.
The threat actor, also referred to as APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet Chollima, is assessed to be affiliated with the Reconnaissance General Bureau (RGB), North Korea's primary foreign intelligence service.
Active since at least 2012, Kimusky has a track record of orchestrating tailored social engineering attacks that are capable of bypassing email security protections. In December 2024, cybersecurity business Genians revealed that the hacking crew has been sending phishing messages that originate from Russian services to conduct credential theft.
Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $[website] million, down from $[website] billion recorded in 2023.
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrar......
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA warned [website] federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability.
Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions.
The attackers gain remote code execution capabilities because the flaw lets them bypass the Protected View (which should block harmful content embedded in Office files by opening them in read-only mode) and open malicious Office files in editing mode.
When it patched CVE-2024-21413 one year ago, Microsoft also warned that the Preview Pane is an attack vector, allowing successful exploitation even when previewing maliciously crafted Office documents.
As Check Point explained, this security flaw (dubbed Moniker Link) lets threat actors bypass built-in Outlook protections for malicious links embedded in emails using the file:// protocol and by adding an exclamation mark to URLs pointing to attacker-controlled servers.
The exclamation mark is added right after the file extension, together with random text (in their example, Check Point used "something"), as shown below:
CVE-2024-21413 affects multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019, and successful CVE-2024-21413 attacks can result in the theft of NTLM credentials and the execution of arbitrary code via maliciously crafted Office documents.
On Thursday, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, marking it as actively exploited. As mandated by the Binding Operational Directive (BOD) 22-01, federal agencies must secure their networks within three weeks by February 27.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," the cybersecurity agency warned.
While CISA primarily focuses on alerting federal agencies about vulnerabilities that should be patched as soon as possible, private organizations are also advised to prioritize patching these flaws to block ongoing attacks.
Ransomware attacks netted cybercrime groups a total of $[website] million in 2024, a decline from $[website] billion in 2023.
The North Korean threat actor known as the Lazarus Group has been observed leveraging a.
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticat......
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The British Engineering Firm landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
zero-day intermediate
Timeline showing vulnerability discovery to patch developmentransomware beginner
SOC intermediate
malware beginner
Common malware types and their characteristicsplatform intermediate
phishing beginner
Anatomy of a typical phishing attackRelated Articles
