North Korean hackers use new Vyveva malware to attack freighters (Security News, April 2021)

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities, dubbed Vyveva, in targeted attacks against a South African freight logistics company.
Vyveva was first spotted by ESET researchers in a June 2020 attack, but further evidence shows Lazarus has been deploying it in earlier attacks going back to at least December 2018.
The malware comes with an extensive set of cyber-espionage capabilities allowing Lazarus operators to harvest and exfiltrate files from infected systems to servers under their control using the Tor anonymous network as a secure communication channel.
The backdoor connects to its command-and-control server once every three minutes, and it also runs watchdogs that monitor newly connected drives and active user sessions, triggering additional C2 connections whenever a new drive or session event occurs.
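The fixed three-minute check-in is the kind of behaviour a defender can hunt for in proxy or firewall logs. The following is an added example, not code from the article or from ESET: a small beacon detector that groups connections by (source host, destination), measures the gaps between consecutive connections and flags pairs whose gaps cluster around one constant period. It uses the median rather than the mean so that the extra, event-driven connections the watchdogs cause (a new drive or session) do not mask the underlying interval. The log format, host name `WS-014` and the destination addresses are constructed for the example.

```python
"""Flag hosts that contact the same destination at a near-constant interval.

Added example for the beaconing behaviour described above (a three-minute
C2 check-in plus event-driven extra connections). The log format and every
value below are constructed, not taken from the ESET report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log lines: "<ISO timestamp> <src_host> <dst_ip:port>".
# 203.0.113.7 beacons every 180 s, with one extra event-driven connection at
# 10:04:21; 198.51.100.20 is ordinary, irregular traffic.
SAMPLE_LOG = """\
2021-04-01T10:00:00 WS-014 203.0.113.7:443
2021-04-01T10:00:07 WS-014 198.51.100.20:443
2021-04-01T10:03:00 WS-014 203.0.113.7:443
2021-04-01T10:04:21 WS-014 203.0.113.7:443
2021-04-01T10:06:01 WS-014 203.0.113.7:443
2021-04-01T10:09:00 WS-014 203.0.113.7:443
2021-04-01T10:11:02 WS-014 198.51.100.20:443
2021-04-01T10:12:00 WS-014 203.0.113.7:443
2021-04-01T10:15:00 WS-014 203.0.113.7:443
2021-04-01T10:17:45 WS-014 198.51.100.20:443
2021-04-01T10:18:00 WS-014 203.0.113.7:443
2021-04-01T10:31:09 WS-014 198.51.100.20:443
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(text, min_gaps=3, tolerance=0.10, min_fraction=0.6):
    """Return {(src, dst): period_seconds} for connection pairs whose
    inter-connection gaps cluster around one constant value.

    A pair is flagged when at least `min_fraction` of its gaps lie within
    `tolerance` of the median gap. Event-driven extra connections split one
    period into two shorter gaps but leave the median (and most gaps) intact.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < min_gaps:
            continue  # too few observations to call it periodic
        period = median(gaps)
        if period <= 0:
            continue
        regular = sum(1 for g in gaps if abs(g - period) <= tolerance * period)
        if regular / len(gaps) >= min_fraction:
            beacons[pair] = period
    return beacons


if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: beacon every ~{period:.0f}s")
```

On the constructed log the detector reports only `WS-014 -> 203.0.113.7:443` with a 180-second period; the irregular destination is evaluated but not flagged. In practice the thresholds need tuning against the environment's own baseline, since legitimate software (update checks, monitoring agents) also beacons on fixed timers.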
"Vyveva constitutes yet another addition to Lazarus's extensive malware arsenal," Jurčacko added.
Indicators of compromise, including Vyveva sample hashes used during attacks targeting the South African freight company, are available at the end of ESET's report.