Security News > 2020 > July > North Korean Hackers Operate VHD Ransomware, Kaspersky Says
The VHD ransomware family that emerged earlier this year is the work of North Korea-linked threat actor Lazarus, Kaspersky's security researchers reveal.
Several malware families have been attributed to Lazarus over the past several months, including new Mac malware families and the cross-platform malware framework MATA. Now, Kaspersky reveals that the threat actor is also operating the VHD ransomware, which has been observed in two campaigns in March and May 2020.
Kaspersky's researchers are confident that the North Korean hackers have indeed added ransomware to their arsenal, targeting enterprises for financial gain.
"We have known that Lazarus has always been focused on financial gain since WannaCry we had not really seen any engagement with ransomware," said Ivan Kwiatkowski, senior security researcher at Kaspersky's GReAT. VHD ransomware was initially observed in an attack in Europe, propagating inside compromised networks by brute-forcing the SMB service of identified computers using a "List of administrative credentials and IP addresses specific to the victim," Kaspersky says.
"The data we have at our disposal tends to indicate that the VHD ransomware is not a commercial off-the-shelf product; and as far as we know, the Lazarus group is the sole owner of the MATA framework. Hence, we conclude that the VHD ransomware is also owned and operated by Lazarus," the security researchers say.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)