
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor

by crpt os


Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S.

“Dtrack allows criminals to upload, download, start or delete files on the victim host,” Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report.

The victimology patterns indicate an expansion to Europe and Latin America. Sectors targeted by the malware are education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers, and telecommunication firms.

Dtrack, also called Valefor and Preft, is the handiwork of Andariel, a subgroup of the Lazarus nation-state threat actor that’s publicly tracked by the broader cybersecurity community using the monikers Operation Troy, Silent Chollima, and Stonefly.

Discovered in September 2019, the malware has been previously deployed in a cyber attack aimed at a nuclear power plant in India, with more recent intrusions using Dtrack as part of Maui ransomware attacks.

Industrial cybersecurity company Dragos has since attributed the nuclear facility attack to a threat actor it calls WASSONITE, pointing out the use of Dtrack for remote access to the compromised network.

The latest changes observed by Kaspersky relate to how the implant conceals its presence within a seemingly legitimate program (“NvContainer.exe” or “XColorHexagonCtrlTest.exe”) and the use of three layers of encryption and obfuscation designed to make analysis more difficult.

The final payload, upon decryption, is subsequently injected into the Windows File Explorer process (“explorer.exe”) using a technique called process hollowing. Chief among the modules downloaded through Dtrack is a keylogger as well as tools to capture screenshots and gather system information.
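The two behaviours the report singles out, a payload hidden behind a legitimate-looking executable name and a final stage hollowed into explorer.exe, both leave a trace in ordinary endpoint telemetry. The script below is an added detection example, not code from Kaspersky or from the article: it runs over constructed process records and flags an explorer.exe whose in-memory image no longer matches its file on disk or which was started by an unexpected parent, and a process carrying one of the reported decoy names without a valid signature. The record fields, the list of expected explorer.exe parents, and the use of a whole-image hash as the hollowing check (real tooling compares PE headers and sections) are simplifying assumptions for the example.

```python
"""Heuristic triage of process telemetry for Dtrack-style behaviour.

Added example, not the article's or Kaspersky's code. The telemetry shape
(ProcRecord) and the sample records are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass

# Process names the report says Dtrack hides behind, and the hollowing target.
DECOY_NAMES = {"nvcontainer.exe", "xcolorhexagonctrltest.exe"}
HOLLOW_TARGET = "explorer.exe"

# Parents from which explorer.exe is normally launched on a workstation.
# Assumption for this example; tune to the environment being monitored.
EXPECTED_EXPLORER_PARENTS = {"userinit.exe", "explorer.exe", "winlogon.exe"}


@dataclass
class ProcRecord:
    """One process as an EDR-style sensor might report it (constructed shape)."""
    pid: int
    name: str
    path: str
    parent_name: str
    signed: bool                 # Authenticode signature on the on-disk image valid
    disk_image_sha256: str       # hash of the executable file on disk
    mapped_image_sha256: str     # hash of the image actually mapped in the process


def findings_for(rec: ProcRecord) -> list[str]:
    """Return the reasons a record looks suspicious (empty list if clean)."""
    reasons = []
    name = rec.name.lower()

    if name == HOLLOW_TARGET:
        # Process hollowing replaces the mapped image while the on-disk file
        # stays pristine, so the two hashes diverge.
        if rec.mapped_image_sha256 != rec.disk_image_sha256:
            reasons.append("mapped image differs from on-disk image (possible process hollowing)")
        # A hollowed explorer.exe is spawned by the loader, not by the logon chain.
        if rec.parent_name.lower() not in EXPECTED_EXPLORER_PARENTS:
            reasons.append(f"unexpected parent process {rec.parent_name}")

    # The decoy names mimic legitimate software; the real binaries are signed.
    if name in DECOY_NAMES and not rec.signed:
        reasons.append("known Dtrack decoy name without a valid signature")

    return reasons


def scan(records: list[ProcRecord]) -> dict[int, list[str]]:
    """Map pid -> findings for every record that triggered at least one rule."""
    result = {}
    for rec in records:
        hits = findings_for(rec)
        if hits:
            result[rec.pid] = hits
    return result


def _h(data: bytes) -> str:
    # Hashes of constructed byte strings stand in for real image hashes.
    return hashlib.sha256(data).hexdigest()


# Constructed sample telemetry: one clean explorer.exe, one hollowed explorer.exe
# launched by the decoy, and the unsigned decoy itself.
SAMPLE_RECORDS = [
    ProcRecord(1000, "explorer.exe", r"C:\Windows\explorer.exe", "userinit.exe",
               True, _h(b"explorer-on-disk"), _h(b"explorer-on-disk")),
    ProcRecord(4120, "explorer.exe", r"C:\Windows\explorer.exe", "NvContainer.exe",
               True, _h(b"explorer-on-disk"), _h(b"injected-payload")),
    ProcRecord(5012, "NvContainer.exe", r"C:\Users\Public\NvContainer.exe", "cmd.exe",
               False, _h(b"decoy-image"), _h(b"decoy-image")),
]


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_RECORDS).items():
        print(pid, "->", "; ".join(reasons))
```

Run on the sample, the clean explorer.exe (pid 1000) produces no findings, the hollowed instance (pid 4120) is flagged on both the image mismatch and its decoy parent, and the unsigned NvContainer.exe (pid 5012) is flagged by name. In a real deployment the decoy-name rule should also require the file to sit outside the vendor's install directory, since a genuine signed binary can share the name.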

“The Dtrack backdoor continues to be used actively by the Lazarus group,” the researchers concluded. “Modifications in the way the malware is packed show that Lazarus still sees Dtrack as an important asset.”
