Furthermore, it is attempting to expand into IT supply chain attacks. The senior security researcher expressed in the summary that the new revelations indicate Lazarus is still keen on penetrating the defense industry. The group stole critical information from defense companies by using an advanced malware known as ThreatNeedle.
Before that, researchers linked a 2020 spear-phishing campaign to advanced persistent threats. The APT group was spreading malicious documents to job-hunting engineers by disguising themselves as defense contractors seeking job candidates. Currently, they are applying them to new goals.Īmong several attacks against the military, researchers have found one of its campaigns in July this year.
Kaspersky researchers also believe the group contains a wide range of advanced tools. The group has also indulged in attacking the cryptocurrency market and defense industry, according to researchers. It is a group that has participated in several large-scale cyberespionage and ransomware campaigns. The researchers claim that the advanced persistent threat group has been active since nearly 2009. It includes evading detection, spawning & killing processes, exfiltrating data, and tampering with file and folder timestamps. They discovered that it contains the potential to escape the compromised system for achieving numerous functions. The Mystery about the BlindingCan BackdoorĬISA and FBI had initially identified the BlindingCan backdoor used in the IT supply chain attacks conducted by the Lazarus group. Keep in mind that he is a senior security researcher at Kaspersky. According to Ariel Jungheit, the group conducted the attack in a careful multi-stage process through two layers of multiple command and control servers. This time, the APT group had deployed the Copperhedge backdoor on the network of the technology provider. In the second attack, the group had targeted an IT company that develops asset monitoring solutions in Lativa. In addition, it also warned that the group was utilizing BlindingCan to drain intelligence off military and energy outfits. It raised a warning that the Lazarus group was using the two Remote Access Trojans (RATs) to keep a presence on compromised networks. One dates back to May 12, 2020, while the other goes back to August 19, 2020. Along similar lines, the CISA (Cybersecurity and Infrastructure Security Agency) had issued separate alerts last year. One of them is BlindingCan, whereas the other one is Copperhedge.
#Lazarus group software
The group has exploited the company’s software to deploy two Remote Access Trojans on a South Korean think tank network. The first IT supply chain attack conducted by Lazarus involved a network of a South Korean security vendor. Dissecting Recent IT Supply Chain Attacks by Lazarus Nevertheless, Kaspersky research discovered in June that the APT group was leveraging MATA for cyberespionage. Historically, cybercriminals have used MATA to spread ransomware and exfiltrate customer databases in several industries. For the record, such MATA malware framework contains the potential to target three operating systems, namely Linux, Windows, and macOS.
Lazarus hacking group – the advanced persistent threat (APT) group – conducts IT supply chain attacks through its multi-platform MATA framework. Leveraging Multi-Platform MATA Framework for Cyberespionage Remember, it is essential to gather information and evidence to follow legal action after containing a threat. Get our specialized digital forensics services to discover the root cause of your case. For the sake of your information, BlindingCan is the North Korean Remote Access Trojan (RAT). It refers to leveraging a new variant of the BlindingCan backdoor in these attacks. Kaspersky researchers state that the group has built IT supply chain capabilities with an upgraded DeathNote malware cluster. In the previous month of May, the same group breached a Latvian IT vendor. In this regard, researchers at cybersecurity company Kaspersky have recently claimed that the Lazarus group breached a South Korean think tank in June. It has embarked on a journey of expanding its IT supply chain attack capabilities. North Korean-backed Lazarus hacking group that inclines to infiltrate the military has now shifted its focus on new targets.
0 kommentar(er)
