North Korean hackers mix code from proven malware campaigns to avoid detection
North Korean hackers have been found using new techniques to evade malware detection, according to a study by SentinelOne. The attackers blend elements of two different malware strains, RustBucket and KandyKorn. The combined method uses SwiftLoader, the RustBucket dropper, to deploy the KandyKorn remote access trojan. The research shows that these methods are likely part of the same infection chain and make use of shared infrastructure to broaden their impact.