Security News
The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday. Lazarus is the most well known hacker group that is believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.
The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.
"Whenever a successful connection was made, a network share was mounted, and the VHD ransomware was copied and executed through WMI calls. This stood out to us as an uncharacteristic technique for cybercrime groups; instead, it reminded us of the APT campaigns Sony SPE, Shamoon and OlympicDestroyer, three previous wipers with worming capabilities." The VHD ransomware is written in C++ and encrypts files on all connected disks, the analysis determined.
The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. As far as victimology, known organizations hit by the MATA framework have been located in Germany, India, Japan, Korea, Turkey and Poland - indicating that the attacks cast a wide net.
The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to their repertoire, researchers said, using Magecart code. The analysis found that Lazarus was likely planting Magecart payment skimmers on major online retailer sites as early as May 2019.
Taking a closer look at the malware, the malicious Mac executable is located in "Contents/Resources/Base.lproj/" directory of the fake application and pretends to be a nib file, according to researchers at Malwarebytes, in a posting on Wednesday. Once it starts, it creates a property list file that specifies the application that needs to be executed after reboot, and the content of the plist file is hardcoded within the application.
In-memory malware a first for suspected Nork hacking crew The Lazarus group, which has been named as one of North Korea's state-sponsored hacking teams, has been found to be using new tactics to...
Norks trigger Uncle Sam's alarm with attack variant The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential...
MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.
Access to C'n'C server data shows state hackers weren't smart enough for false flags McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it...