Security News > 2021 > February > Here's How North Korean Hackers Stole Data From Isolated Network Segment
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.
They were even able to steal data from a network segment that was cut off from the internet, by compromising a router used to connect to it.
Despite the organization's effort to keep specific data secure using network segmentation, Lazarus was able to harvest administrative credentials to the router used to connect to both network segments.
The hackers configured the Apache web server and used the router as a proxy between the two network segments.
Thus, not only were they able to deploy malware onto machines in the restricted network segment, but they also managed to exfiltrate data from these machines.
"In recent years, the Lazarus group has focused on attacking financial institutions around the world. However, beginning in early 2020, they focused on aggressively attacking the defense industry. While Lazarus has also previously utilized the ThreatNeedle malware used in this attack when targeting cryptocurrency businesses, it is currently being actively used in cyberespionage attacks," Kaspersky concludes.
News URL
Related news
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign (source)
- North Korean Hackers Target Developers with Malicious npm Packages (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- North Korean hackers’ social engineering tricks (source)
- North Korean Hackers Targets Job Seekers with Fake FreeConference App (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)