Security News > 2023 > March > Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year.
While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the exploitation of a zero-day in the same program.
Cybersecurity firm AhnLab Security Emergency Response Center said it's refraining from mentioning the software owing to the fact that "The vulnerability has not been fully verified yet and a software patch has not been released."
It's worth noting here that the Bring Your Own Vulnerable Driver, aka BYOVD, technique has been repeatedly employed by the Lazarus Group in recent months, as documented by both ESET and AhnLab in a series of reports late last year.
Among other steps to conceal its malicious behavior include changing file names before deleting them and modifying timestamps using an anti-forensic technique referred to as timestomping.
"The Lazarus group is researching the vulnerabilities of various other software and are constantly changing their TTPs by altering the way they disable security products and carry out anti-forensic techniques to interfere or delay detection and analysis in order to infiltrate Korean institutions and companies," ASEC said.
News URL
https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html
Related news
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)