Lazarus Group, the Advanced Persistent Threat (APT) hacking group linked to the North Korean government, has shifted its attention to new targets, with cybersecurity researchers noticing that the actor is expanding its supply chain attack capabilities.

As per Kaspersky's Q3 2021 APT trends report, the group deployed the backdoor dubbed BLINDINGCAN to attack a think tank located in South Korea in June, after using it to breach an IT asset monitoring solution vendor based in Latvia in May.

In the first case discovered by Kaspersky researchers, Lazarus built an infection chain in which legitimate South Korean security software ended up deploying a malicious payload. In the second case, the target was a company developing asset monitoring solutions in Latvia, an atypical victim for Lazarus.

The same report shows that Lazarus also deployed the North Korean Remote Access Tool COPPERHEDGE by way of the BLINDINGCAN malware. The APT group had previously used this RAT when attacking crypto exchanges and other similar businesses.

The backdoor known as BLINDINGCAN was reported by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation. According to the agencies, the backdoor is able to remove itself from infected systems in order to avoid being noticed, steal data, start and terminate processes, and tamper with file and folder timestamps. With its help, its operators can carry out system reconnaissance, execute arbitrary commands on compromised machines, and exfiltrate stolen information.

The hacking group, also known as APT38, Zinc, or HIDDEN COBRA, is a cybercrime gang with strong connections to North Korea. It is believed to have been active since at least 2009, with the gang's first known attack dubbed "Operation Troy".

The hackers are notorious for some of the most significant cyberattacks in recent history. They are believed to have been behind the 2014 Sony Pictures incident and to have been connected to the theft of US$81 million from the Central Bank of Bangladesh in 2016. According to security experts, Lazarus was also responsible for the WannaCry ransomware operation.

In April, we wrote about research by Google's Threat Analysis Group showing that a North Korean state-sponsored operation had set up a fake security company and social media accounts as part of a broad campaign targeting cybersecurity researchers. The malware used was linked to the Lazarus Group.

The same month, we learned that the Lazarus group had been targeting the defense industry with malware dubbed ThreatNeedle since early 2020, with the ultimate purpose of stealing classified information. The group used COVID-19-themed spear-phishing emails with malicious attachments or links as the initial access vector into the targeted companies' enterprise networks. Once the document is opened, ThreatNeedle is installed, allowing the attacker to obtain full control of the victim's device, manipulate it, and remotely execute commands.

A few months ago, researchers at Kaspersky noticed that the APT group had used the MATA malware framework in cyber-espionage operations. According to them, MATA can strike Windows, Linux, and macOS systems. According to BleepingComputer, the hackers used MATA last year to deploy ransomware and steal information.

These recent developments highlight two things: Lazarus remains interested in the defense industry and is also looking to expand its capabilities with supply chain attacks.

As mentioned by BleepingComputer, DPRK-sponsored hacking groups including Lazarus, Bluenoroff, and Andariel were sanctioned by the U.S. Those who have information on the threat actor's activity and help disrupt it or locate its members will be rewarded with $5 million by the U.S.

When carried out successfully, supply chain attacks can cause devastating results, affecting much more than one organization, something we saw clearly with the SolarWinds attack last year.

This is not the first supply-chain operation attributed to the group. ESET's researchers wrote of an earlier campaign: "ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies."

The same ESET report summarizes the group's history: "The Lazarus group was first identified in Novetta's report Operation Blockbuster in February 2016; US-CERT and the FBI call this group HIDDEN COBRA. These cybercriminals rose to prominence with the infamous case of cybersabotage against Sony Pictures Entertainment."
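One of the BLINDINGCAN capabilities listed above, tampering with file and folder timestamps, is the kind of anti-forensic behaviour a responder can look for. The following Python is an added example written for this page; it is not code from the article, from CISA/FBI, or from any vendor report, and the file records it scans are constructed sample data rather than real forensic output. It applies two common timestomping heuristics to each record: a modification time earlier than the creation time, and timestamps that all sit exactly on a second boundary (tools that rewrite timestamps through second-granularity APIs leave the sub-second digits zeroed, which real NTFS writes almost never do).

```python
"""Heuristic timestomping detector over constructed file-metadata records.

Added example for this page, not code from the original article or any
vendor report. SAMPLE_RECORDS below is constructed data, not real output.
"""
from __future__ import annotations

from dataclasses import dataclass

# NTFS keeps timestamps in 100 ns ticks; Python's st_*time_ns values carry
# the same information as nanoseconds since the Unix epoch.
NS_PER_SECOND = 1_000_000_000


@dataclass(frozen=True)
class FileTimes:
    """Timestamps for one file, all in nanoseconds since the epoch."""
    path: str
    created_ns: int    # birth time
    modified_ns: int   # last content write
    accessed_ns: int   # last access


def timestomp_indicators(f: FileTimes) -> list[str]:
    """Return the heuristic reasons why this file's timestamps look rewritten."""
    reasons: list[str] = []

    # 1. Content cannot be modified before the file existed on this volume.
    #    A copy preserves the source's modified time while resetting creation
    #    time, so this also fires on copied-in files; treat it as a triage lead.
    if f.modified_ns < f.created_ns:
        reasons.append("modified_before_created")

    # 2. Timestamps written through second-granularity APIs land exactly on a
    #    second boundary in every field. Genuine NTFS writes carry non-zero
    #    sub-second ticks, so three zeroed fractions together are suspicious.
    if all(t % NS_PER_SECOND == 0
           for t in (f.created_ns, f.modified_ns, f.accessed_ns)):
        reasons.append("all_timestamps_on_second_boundary")

    return reasons


def scan(records: list[FileTimes]) -> dict[str, list[str]]:
    """Map path -> indicators for every record that trips at least one check."""
    return {f.path: r for f in records if (r := timestomp_indicators(f))}


# Constructed sample records (hypothetical paths and times, not real evidence).
SAMPLE_RECORDS = [
    # Ordinary document: created, then modified a day later, sub-second ticks set.
    FileTimes("C:\\Users\\alice\\Documents\\report.docx",
              created_ns=1_622_505_600_123_456_700,
              modified_ns=1_622_592_000_987_654_300,
              accessed_ns=1_622_592_001_000_123_400),
    # All three timestamps on an exact second boundary: rewritten in bulk.
    FileTimes("C:\\ProgramData\\svc\\update.dll",
              created_ns=1_546_300_800_000_000_000,
              modified_ns=1_546_300_800_000_000_000,
              accessed_ns=1_546_300_800_000_000_000),
    # Modified time pushed years before the creation time.
    FileTimes("C:\\Windows\\Temp\\cache.tmp",
              created_ns=1_624_000_000_555_000_000,
              modified_ns=1_546_300_800_123_456_700,
              accessed_ns=1_624_000_000_555_000_000),
]


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_RECORDS).items():
        print(f"{path}: {', '.join(reasons)}")
```

Both checks are heuristics, not proof: files extracted from ZIP archives or copied from FAT volumes legitimately carry second-granularity timestamps, so hits should be triaged rather than alerted on directly. On a live NTFS volume the stronger check is to compare the $STANDARD_INFORMATION timestamps (the ones user-mode APIs can rewrite) against the $FILE_NAME timestamps in the MFT record, which ordinary timestomping tools do not touch.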