Lazarus hackers breached dev repeatedly to deploy SIGNBT malware

The North Korean Lazarus hacking group repeatedly compromised a software vendor by exploiting flaws in vulnerable software, despite the developer making multiple patches and warnings available.
SIGNBT can also fetch additional payloads from the C2 and deploy them on the host, providing Lazarus with operational versatility.
Kaspersky has seen Lazarus leverage that feature on SIGNBT to load credential dumping tools and the LPEClient malware on compromised systems.
Kaspersky says Lazarus also incorporated LPEClient in other campaigns it ran in 2023, although there it used the malware at earlier infection phases to inject other payloads.