Security News > 2021 > October > Latest Report Uncovers Supply Chain Attacks by North Korean Hackers
Lazarus Group, the advanced persistent threat group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky.
In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank's network in June 2021.
The other attack on the Latvian company in May is an "Atypical victim" for Lazarus, the researchers said.
According to previous findings by Kaspersky, the MATA campaign is capable of striking Windows, Linux, and macOS operating systems, with the attack infrastructure enabling the adversary to carry out a multi-staged infection chain that culminates in the loading of additional plugins, which allow access to a wealth of information including files stored on the device, extract sensitive database information as well as inject arbitrary DLLs. Beyond Lazarus, a Chinese-speaking APT threat actor, suspected to be HoneyMyte, was found adopting the same tactic, wherein a fingerprint scanner software installer package was modified to install the PlugX backdoor on a distribution server belonging to a government agency in an unnamed country in South Asia.
The development comes as cyber attacks aimed at the IT supply chain have emerged as a top concern in the wake of the 2020 SolarWinds intrusion, highlighting the need to adopt strict account security practices and take preventive measures to protect enterprise environments.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (source)
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign (source)
- Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks (source)
- North Korean Hackers Target Developers with Malicious npm Packages (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- North Korean hackers’ social engineering tricks (source)