Home Security North Korean Lazarus Hackers Concentrating on Power Suppliers Across the World

North Korean Lazarus Hackers Concentrating on Power Suppliers Across the World

by crpt os


A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.

“The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary’s nation-state,” Cisco Talos said in a report shared with The Hacker News.

Some elements of the espionage attacks have already entered public domain, courtesy of prior reports from Broadcom-owned Symantec and AhnLab earlier this April and May.

CyberSecurity

Symantec attributed the operation to a group referred to as Stonefly, a Lazarus subgroup which is better known as Andariel, Guardian of Peace, OperationTroy, and Silent Chollima.

While these attacks previously led to the instrumentation of Preft (aka Dtrack) and NukeSped (aka Manuscrypt) implants, the latest attack wave is notable for employing two other pieces of malware: VSingle, an HTTP bot which executes arbitrary code from a remote network, and a Golang backdoor called YamaBot.

Also put to use in the campaign is a new remote access trojan called MagicRAT that comes with capabilities to evade detection and launch additional payloads on the infected systems.

“Although the same tactics have been applied in both attacks, the resulting malware implants deployed have been distinct from one another, indicating the wide variety of implants available at the disposal of Lazarus,” researchers Jung soo An, Asheer Malhotra, and Vitor Ventura said.

CyberSecurity

Initial access into enterprise networks is facilitated by means of exploitation of vulnerabilities in VMware products (e.g., Log4Shell), with the ultimate goal of establishing persistent access to perform activities in support of North Korean government objectives.

The use of VSingle in one attack chain is said to have enabled the threat actor to carry out a variety of activities such as reconnaissance, exfiltration, and manual backdooring, giving the operators a solid understanding of the victim environment.

Other tactics embraced by the group besides the use of bespoke malware include credential harvesting via tools like Mimikatz and Procdump, disabling antivirus components, and reconnaissance of the Active Directory services, and even taking steps to cleanup their traces after activating the backdoors on the endpoint.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex