Security News > 2020 > November > Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victim's PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked.
In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera.
"To understand this novel supply-chain attack, you should be aware that South Korean internet users are often asked to install additional security software when visiting government or internet banking websites," ESET wrote.
The first stage in the attack is for the Lazarus operators to corrupt a site running the Wizvera software.
"This time we analyzed how the Lazarus Group used a very interesting approach to target South Korean users of Wizvera VeraPort software. As mentioned in our analysis, it's the combination of compromised websites with WIZVERA VeraPort support and specific VeraPort configuration options that allow attackers to perform this attack," ESET researchers wrote.
News URL
https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/
Related news
- GhostEngine mining attacks kill EDR security using vulnerable drivers (source)
- JAVS courtroom recording software backdoored in supply chain attack (source)
- Suspected supply chain attack backdoors courtroom recording software (source)
- Supply Chain Attack against Courtroom Software (source)
- Polyfill.io JavaScript supply chain attack impacts over 100K sites (source)
- Plugins on WordPress.org backdoored in supply chain attack (source)
- B+ security rating masks healthcare supply chain risks (source)
- Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (source)
- Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks (source)
- 'Almost every Apple device' vulnerable to CocoaPods supply chain attack (source)