Security News > 2020 > November > Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victim's PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked.
In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera.
"To understand this novel supply-chain attack, you should be aware that South Korean internet users are often asked to install additional security software when visiting government or internet banking websites," ESET wrote.
The first stage in the attack is for the Lazarus operators to corrupt a site running the Wizvera software.
"This time we analyzed how the Lazarus Group used a very interesting approach to target South Korean users of Wizvera VeraPort software. As mentioned in our analysis, it's the combination of compromised websites with WIZVERA VeraPort support and specific VeraPort configuration options that allow attackers to perform this attack," ESET researchers wrote.
News URL
https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/
Related news
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)