Security News

Lazarus Group Targets South Korea via Supply Chain Attack
2020-11-16 16:47

The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday. Lazarus is the best-known hacker group believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.

Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages
2020-08-25 14:46

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that they recently identified a series of incidents that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.

Lazarus Group Brings APT Tactics to Ransomware
2020-07-28 21:20

"Whenever a successful connection was made, a network share was mounted, and the VHD ransomware was copied and executed through WMI calls. This stood out to us as an uncharacteristic technique for cybercrime groups; instead, it reminded us of the APT campaigns Sony SPE, Shamoon and OlympicDestroyer, three previous wipers with worming capabilities." The VHD ransomware is written in C++ and encrypts files on all connected disks, the analysis determined.

Lazarus Group Surfaces with Advanced Malware Framework
2020-07-22 16:43

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. As for victimology, known organizations hit by the MATA framework have been located in Germany, India, Japan, Korea, Turkey and Poland - indicating that the attacks cast a wide net.

Lazarus Group Adds Magecart to the Mix
2020-07-06 17:18

The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to its repertoire, researchers said, using Magecart code. The analysis found that Lazarus was likely planting Magecart payment skimmers on major online retailer sites as early as May 2019.

Lazarus Group Hides macOS Spyware in 2FA Application
2020-05-06 21:10

Taking a closer look at the malware, the malicious Mac executable is located in the "Contents/Resources/Base.lproj/" directory of the fake application and pretends to be a nib file, according to researchers at Malwarebytes, in a posting on Wednesday. Once it starts, it creates a property list file that specifies the application that needs to be executed after reboot, and the content of the plist file is hardcoded within the application.

Lazarus group goes back to the Apple orchard with new macOS trojan
2019-12-05 00:28

In-memory malware a first for suspected Nork hacking crew

The Lazarus group, which has been named as one of North Korea's state-sponsored hacking teams, has been found to be using new tactics to...

Lazarus Group rises again from the digital grave with Hoplight malware for all
2019-04-10 23:36

Norks trigger Uncle Sam's alarm with attack variant

The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential...

Lazarus Group Widens Tactics in Cryptocurrency Attacks
2019-03-28 16:12

macOS users, as well as Windows users, are in the cross-hairs, especially those based in South Korea.

McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time
2019-03-04 16:41

Access to C'n'C server data shows state hackers weren't smart enough for false flags

McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it...