
Lazarus Hackers are targeting every country’s Energy providers

North Korea has returned to the cybersecurity news due to its ties to the Lazarus Group and yet another successful cyber-robbery.
Targets of this attack include international energy suppliers with offices in the US, Canada, and Japan.

The campaign “is meant to infiltrate businesses around the world for obtaining long-term access and then exfiltrating documents of relevance to the adversary’s nation-state,” according to a report shared with The Hacker News by Cisco Talos.

Certain details of the espionage attempts became public after earlier reports from Broadcom-owned Symantec and AhnLab in April and May of this year.

The operation was linked by Symantec to the Stonefly group, a Lazarus subgroup also known as Andariel, Guardian of Peace, Operation Troy, and Silent Chollima.

Preft (also known as Dtrack) and NukeSped (also known as Manuscrypt) implants were deployed in earlier stages of these attacks, but the most recent wave is notable for using two additional pieces of malware: VSingle, an HTTP bot that executes arbitrary code fetched from a remote server, and YamaBot, a Golang backdoor.
Also put to use in the operation is a new remote access trojan named MagicRAT, which comes with the ability to elude detection and deploy additional payloads on compromised devices.

Initial access to corporate networks is gained by exploiting vulnerabilities in VMware products (such as Log4Shell), after which the attackers establish persistent access to carry out operations supporting North Korean government objectives.
In one attack chain, the use of VSingle is thought to have enabled the threat actor to perform a number of tasks, including manual backdooring, exfiltration, and reconnaissance, giving the operators a thorough grasp of the target environment.

In addition to custom malware, the group uses a variety of methods, such as credential harvesting with tools like Mimikatz and Procdump, disabling antivirus software, reconnaissance of Active Directory services, and even erasing its footprints after activating endpoint backdoors.
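The post-exploitation behaviours listed above (credential dumping with Procdump or Mimikatz, tampering with antivirus, Active Directory reconnaissance and log clearing) are individually noisy but become a strong signal when several of them appear on the same host. The following detector is an added example written for this article, not code from Cisco Talos or from the article itself: it runs a handful of regex rules over constructed process-creation events and flags hosts that show two or more distinct stages of the chain. The event fields (`host`, `user`, `image`, `cmdline`) and the sample command lines are assumptions; real telemetry such as Sysmon event 1 or Windows event 4688 would be mapped onto them first.

```python
"""Detect chained post-exploitation behaviour over process-creation events.

Added example, not from the article or Cisco Talos. Field names and the
sample events are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    user: str
    image: str      # path of the executable that was started (assumed field)
    cmdline: str    # full command line (assumed field)


# (rule name, behaviour category, pattern applied to "image + cmdline").
# Categories mirror the techniques the article lists for this group.
RULES = [
    ("lsass_dump_procdump", "credential harvesting",
     re.compile(r"procdump.*\s-ma\s.*lsass", re.I)),
    ("mimikatz_binary", "credential harvesting",          # weak: binary is often renamed
     re.compile(r"mimikatz", re.I)),
    ("defender_disable", "antivirus disabling",
     re.compile(r"Set-MpPreference\s.*-Disable(RealtimeMonitoring|IOAVProtection)", re.I)),
    ("ad_recon", "Active Directory reconnaissance",
     re.compile(r'\b(net(\.exe)?\s+group\s+"?domain admins"?|nltest.*/dclist\b|adfind)', re.I)),
    ("eventlog_clear", "erasing footprints",
     re.compile(r"wevtutil(\.exe)?\s+cl\s+|Clear-EventLog", re.I)),
]


def scan(events):
    """Return {host: [(rule_name, category, cmdline), ...]} for every matching event."""
    hits = {}
    for ev in events:
        haystack = f"{ev.image} {ev.cmdline}"
        for name, category, pattern in RULES:
            if pattern.search(haystack):
                hits.setdefault(ev.host, []).append((name, category, ev.cmdline))
    return hits


def flag_hosts(hits, min_categories=2):
    """Hosts showing at least `min_categories` distinct behaviour categories.

    A lone 'net group' query can be legitimate admin work; two or more stages
    of the chain on the same host deserve triage. Returns {host: [categories]}.
    """
    flagged = {}
    for host, entries in hits.items():
        categories = {category for _, category, _ in entries}
        if len(categories) >= min_categories:
            flagged[host] = sorted(categories)
    return flagged


# Constructed sample events: one host runs the full chain, another only a
# single AD query, a third only benign activity.
SAMPLE_EVENTS = [
    ProcEvent("WS-042", r"CORP\svc-backup", r"C:\Tools\procdump64.exe",
              "procdump64.exe -accepteula -ma lsass.exe lsass.dmp"),
    ProcEvent("WS-042", r"CORP\svc-backup", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"),
    ProcEvent("WS-042", r"CORP\svc-backup", r"C:\Windows\System32\net.exe",
              'net.exe group "Domain Admins" /domain'),
    ProcEvent("WS-042", r"CORP\svc-backup", r"C:\Windows\System32\wevtutil.exe",
              "wevtutil.exe cl Security"),
    ProcEvent("WS-017", r"CORP\jdoe", r"C:\Windows\System32\net.exe",
              'net.exe group "Domain Admins" /domain'),
    ProcEvent("WS-017", r"CORP\jdoe", r"C:\Windows\System32\notepad.exe",
              "notepad.exe notes.txt"),
    ProcEvent("SRV-DC1", r"CORP\admin", r"C:\Windows\System32\PING.EXE",
              "ping -n 1 10.0.0.5"),
]


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for host, categories in flag_hosts(hits).items():
        print(f"{host}: {', '.join(categories)}")
        for rule, _, cmdline in hits[host]:
            print(f"  [{rule}] {cmdline}")
```

The threshold in `flag_hosts` is the design choice worth noting: single-rule alerts on `net group` or `wevtutil` generate constant false positives in most environments, whereas correlating distinct categories per host surfaces the sequence the article describes (dump credentials, blind the endpoint, enumerate the domain, clear logs) while letting an isolated admin query through for lower-priority review.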


