Tag Archive for: Korean

South Korean president to visit Canada, talk trade, energy and security with Trudeau


OTTAWA — South Korean President Yoon Suk Yeol is set to discuss trade and security issues with Prime Minister Justin Trudeau during a scheduled visit to Canada next week.

Yoon is to visit Toronto and Ottawa on Sept. 22 and 23 in what Trudeau’s office says is his first bilateral visit abroad since he was elected in March.

A statement says Trudeau is to meet with Yoon while he is in Ottawa.

Trudeau plans to discuss ways the two countries can strengthen their trade relationship by working more closely on energy, including electric vehicle batteries and critical minerals, and supply chains.

The two are also set to talk about regional security issues on the Korean Peninsula, such as monitoring of North Korean maritime activities.

Also on the agenda are discussions that are expected to see the two leaders continue condemning the Russian invasion of Ukraine and reaffirming their support for the Ukrainian people.

This report by The Canadian Press was first published Sept. 17, 2022.


North Korean cyberespionage actor Lazarus targets energy providers with new malware



Lazarus, also known as Hidden Cobra or Zinc, is a known nation-state cyberespionage threat actor originating from North Korea, according to the U.S. government. The threat actor has been active since 2009 and has often switched targets over time, probably in line with nation-state interests.

Between 2020 and 2021, Lazarus compromised defense companies in more than a dozen countries including the U.S. It also targeted selected entities to assist strategic sectors such as aerospace and military equipment.

The threat actor is now aiming at energy providers, according to a new report from Cisco Talos.


Attack modus operandi

Lazarus often uses very similar techniques from one attack to the next, as documented by Talos (Figure A).

Figure A: Full attack scheme from the current Lazarus operation (image: Cisco Talos).

In the campaign reported by Talos, the initial vector of infection is the exploitation of the Log4j vulnerability on internet-facing VMware Horizon servers.

Once the targeted system is compromised, Lazarus downloads its toolkit from a web server it controls.

Talos has observed three variants of the attack, each deploying a different set of malware: VSingle alone, VSingle together with MagicRAT, or a new malware dubbed YamaBot.

Variations in the attack also involve other tools such as mimikatz for credential harvesting, proxy tools to set up SOCKS proxies, or reverse tunneling tools such as Plink.

Lazarus also checks for installed antivirus on endpoints and disables Windows Defender antivirus.

The attackers also copy parts of the Windows registry hives for offline analysis and possible exploitation of credentials and policy information, and gather information from Active Directory before creating their own high-privileged users. These users are removed once the attack is fully in place, along with temporary tools, and the Windows event logs are cleared.

At this point, the attackers take their time to explore the systems, listing multiple folders and putting those of particular interest, mostly proprietary intellectual property, into a RAR archive file for…


North Korean hackers are targeting this huge crypto exchange


North Korean hackers are attempting to lure in cryptocurrency experts via bogus job offers for crypto exchange platform Coinbase.

As reported by Bleeping Computer, a campaign orchestrated by the well-known North Korean Lazarus hacking group has been uncovered, and its targets are people working in the increasingly popular fintech (financial technology) industry.


In what is clearly part of a social engineering attack, the hacking group engages in conversation with targets through LinkedIn, which ultimately culminates in a job offer being presented to the potential victim.

Coinbase is a leading cryptocurrency exchange company, so, at face value, many who are not aware of the attack will naturally be interested in adding it to their resumes. However, if the attack were to succeed, the consequences could include untold numbers of crypto wallets being seized and their contents stolen.

Hossein Jazi, who works as a security researcher at internet security firm Malwarebytes and has been analyzing Lazarus since February 2022, said individuals from the cybergang are masquerading as employees from Coinbase. The scam attracts potential victims by approaching them to fill the role of “Engineering Manager, Product Security.”

If that individual falls for the fake job offer, then they’ll eventually be given instructions to download a PDF explaining the job in full. However, the file itself is actually a malicious executable utilizing a PDF icon to trick people.

The file itself is called “Coinbase_online_careers_2022_07.exe,” which seems innocent enough if you didn’t know any better. But while it opens a fake PDF document created by the threat actors, it also loads malicious DLL code onto the target’s system.


After it’s successfully deployed onto the system, the malware uses GitHub as a command-and-control channel to receive commands, after which it has free rein to carry out attacks on the breached devices.

U.S. intelligence services have previously issued warnings about Lazarus distributing trojanized cryptocurrency wallet and investment apps, effectively allowing them to steal private…


U.S. Offers $10 Million Reward for Information on North Korean Hackers



The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea’s cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.

“If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward,” the department said in a tweet.

The amount is double the bounty the agency publicized in March 2022 for specifics regarding the financial mechanisms employed by state-sponsored actors working on behalf of the North Korean government.


The development comes a week after the Justice Department disclosed the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments by using a new ransomware strain known as Maui.

The threat actor, tracked under the umbrella moniker Lazarus Group (aka Hidden Cobra or APT38), is known to target blockchain companies and conduct financially-driven crime through rogue cryptocurrency wallet apps. Andariel and Bluenoroff are said to be subgroups within the larger Lazarus cluster.


Blockchain analytics firm Chainalysis in a report earlier this year linked the Lazarus Group to seven attacks directed against cryptocurrency platforms in 2021 that enabled the adversary to steal roughly $400 million worth of virtual assets.

It has also been implicated in the hacks of Axie Infinity’s Ronin Network Bridge and Harmony Horizon Bridge in recent months, resulting in the theft of hundreds of millions of dollars in digital currencies.


Earlier this month, Microsoft warned that a North Korean activity cluster it calls DEV-0530 has been using a custom ransomware strain dubbed H0lyGh0st to successfully compromise small businesses in multiple countries.

Cyber-enabled financial theft and money laundering, ransomware, cryptojacking, and extortion operations are part of Pyongyang-aligned hackers’ tactical playbook to generate illegal revenue while mitigating the impact of sanctions.

“The North…
