Tag Archive for: Lazarus

Lazarus APT hacking group is targeting the defense industry


Security researchers have warned of a new hacking campaign by the Lazarus APT group, which is closely linked to the North Korean regime. The hackers have targeted defense industry companies.

According to Kaspersky researchers, the Lazarus group is a highly prolific advanced threat actor active since at least 2009 and linked to many multifaceted campaigns. Since early last year, Kaspersky said the group has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle that moves laterally through infected networks, gathering sensitive information.

Before this most recent campaign, the hackers have been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction.

Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor.

The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.

If a victim opens a malicious document, it installs malware belonging to the Manuscrypt family, which is attributed to the Lazarus group. Researchers have previously seen this malware attacking cryptocurrency businesses.

Once installed, the malware gains full control of the victim’s device, meaning it can do everything from manipulating files to executing received commands.

Researchers said one of the more interesting aspects of the campaign is its capacity to steal data from an office IT network and a plant’s restricted network with mission-critical assets and computers with highly sensitive data and no internet access.

While company policies usually prevent data transfer between these two networks, administrators could connect to both networks to maintain these systems. Lazarus was able to control administrator workstations and set up a malicious gateway to attack the restricted network, allowing it to steal and extract confidential data…

Source…

Hacking group Lazarus targets South Korean supply chains


Seoul, Nov 16 : Hackers associated with the infamous Lazarus group, which is suspected of being tied to North Korea, are now targeting South Korean supply chains, cybersecurity researchers from ESET warned on Monday.

The attackers abused legitimate South Korean security software and digital certificates stolen from two different companies to deploy their malware, the researchers said.

The Lazarus Group’s activities were widely reported after it was blamed for the 2014 cyber attack on Sony Pictures Entertainment and the 2017 WannaCry ransomware attack on countries including the US and Britain.

Malware researchers Anton Cherepanov and Peter Kalnai wrote that the hackers are particularly interested in supply chain attacks, because they allow them to covertly deploy malware on many computers at the same time.

“We can safely predict that the number of supply-chain attacks will increase in the future, especially against companies whose services are popular in specific regions or in specific industry verticals,” the researchers wrote in a post detailing how ESET researchers discovered attempts to deploy Lazarus malware via a supply chain attack in South Korea.

The researchers explained that Internet users in South Korea are often asked to install additional security software when visiting government or Internet banking websites.

WIZVERA VeraPort is a South Korean application that helps manage such additional security software.

After installing this application on their devices, users receive and install, via VeraPort, all the additional software required by a specific website.

The attackers abused this mechanism in order to deliver Lazarus malware from a legitimate but compromised website, according to the ESET researchers.

Disclaimer: This story is auto-generated from IANS service.


Source…

Lazarus Group rises again from the digital grave with Hoplight malware for all – The Register


The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US …


Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack

Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab. In a report shared with …