Lazarus hackers breached dev repeatedly to deploy SIGNBT malware (October 2023)
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
SIGNBT can also fetch additional payloads from the C2 and deploy them on the host, providing Lazarus with operational versatility.
Kaspersky has seen Lazarus leverage that feature on SIGNBT to load credential dumping tools and the LPEClient malware on compromised systems.
Kaspersky says Lazarus also used LPEClient in other campaigns it ran in 2023, although in those it used the malware at earlier infection phases to inject other payloads.