Security News > 2023 > October > Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
SIGNBT can also fetch additional payloads from the C2 and deploy them on the host, providing Lazarus with operational versatility.
Kaspersky has seen Lazarus leverage that feature on SIGNBT to load credential dumping tools and the LPEClient malware on compromised systems.
Kaspersky says Lazarus incorporates the LPEClient on other campaigns it ran in 2023, albeit it used the malware at earlier infection phases to inject other payloads.
Lazarus hackers breach aerospace firm with new LightlessCan malware.
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks.
News URL
Related news
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)