
North Korean hackers use new Vyveva malware to attack freighters
2021-04-08 13:01

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities, dubbed Vyveva, in targeted attacks against a South African freight logistics company.

Vyveva was first used in a June 2020 attack as ESET researchers discovered, but further evidence shows Lazarus has been deploying it in previous attacks going back to at least December 2018.

The malware comes with an extensive set of cyber-espionage capabilities allowing Lazarus operators to harvest and exfiltrate files from infected systems to servers under their control using the Tor anonymous network as a secure communication channel.

The backdoor connects to its command-and-control server once every three minutes, but it also runs watchdogs that monitor for newly connected drives and active user sessions, triggering an additional C2 connection whenever a new drive or session event occurs.

"Vyveva constitutes yet another addition to Lazarus's extensive malware arsenal," Jurčacko added.

Indicators of compromise, including Vyveva sample hashes used during attacks targeting the South African freight company, are available at the end of ESET's report.


News URL

https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-vyveva-malware-to-attack-freighters/