Security News > 2021 > February > Here's How North Korean Hackers Stole Data From Isolated Network Segment
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.
They were even able to steal data from a network segment that was cut off from the internet, by compromising a router used to connect to it.
Despite the organization's effort to keep specific data secure using network segmentation, Lazarus was able to harvest administrative credentials to the router used to connect to both network segments.
The hackers configured the Apache web server and used the router as a proxy between the two network segments.
Thus, not only were they able to deploy malware onto machines in the restricted network segment, but they also managed to exfiltrate data from these machines.
"In recent years, the Lazarus group has focused on attacking financial institutions around the world. However, beginning in early 2020, they focused on aggressively attacking the defense industry. While Lazarus has also previously utilized the ThreatNeedle malware used in this attack when targeting cryptocurrency businesses, it is currently being actively used in cyberespionage attacks," Kaspersky concludes.
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)