Security News > 2022 > September > North Korean Lazarus Hackers Targeting Energy Providers Around the World
A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.
"The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state," Cisco Talos said in a report shared with The Hacker News.
Some elements of the espionage attacks have already entered public domain, courtesy of prior reports from Broadcom-owned Symantec and AhnLab earlier this April and May. Symantec attributed the operation to a group referred to as Stonefly, a Lazarus subgroup which is better known as Andariel, Guardian of Peace, OperationTroy, and Silent Chollima.
While these attacks previously led to the instrumentation of Preft and NukeSped implants, the latest attack wave is notable for employing two other pieces of malware: VSingle, an HTTP bot which executes arbitrary code from a remote network, and a Golang backdoor called YamaBot.
"Although the same tactics have been applied in both attacks, the resulting malware implants deployed have been distinct from one another, indicating the wide variety of implants available at the disposal of Lazarus," researchers Jung soo An, Asheer Malhotra, and Vitor Ventura said.
Initial access into enterprise networks is facilitated by means of exploitation of vulnerabilities in VMware products, with the ultimate goal of establishing persistent access to perform activities in support of North Korean government objectives.
News URL
https://thehackernews.com/2022/09/north-korean-lazarus-hackers-targeting.html
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)