Security researchers at ESET have uncovered a new Lazarus campaign against South Korea's software supply chain that relies on stolen code-signing certificates. The abused certificates belong to two separate, legitimate South Korean companies.
Lazarus, also tracked as Hidden Cobra, is an umbrella name for a set of elite threat groups and offshoots suspected of operating on behalf of North Korea.
The group is believed to be responsible for the infamous 2014 Sony Pictures hack, and has also been linked to intrusions using zero-day vulnerabilities, LinkedIn phishing messages, and Trojan deployments in campaigns involving Dacls and Trickbot.
The Lazarus group was first identified in February 2016 in Novetta's "Operation Blockbuster" report; US-CERT and the FBI refer to it as HIDDEN COBRA. The group rose to prominence with the cybersabotage of Sony Pictures Entertainment.
The Lazarus toolset is extremely broad, and researchers believe several subgroups operate under the umbrella. Unlike the toolsets of some other cybercriminal groups, none of the source code of any Lazarus tool has ever appeared in a public leak.
The supply-chain attack exploits the fact that South Korean internet users are frequently required to install additional security software when visiting government or internet banking websites.
The chain involves WIZVERA VeraPort, described as an "integration installation program": a South Korean application that manages the installation of such extra security software.
Once WIZVERA VeraPort is installed on a device, the user receives and installs, through VeraPort, all of the software that a given website requires.
The samples delivered through the supply-chain attack are listed below:
The attribution indicators for this supply-chain attack are listed below:
According to the ESET report, it is typical of many APT groups, and of Lazarus in particular, to deploy their arsenal in several stages that execute as a cascade: from the dropper, through intermediate components, to the final payloads.
This delivery method requires the targeted web server to be configured in a specific way, and it has only been used in a limited number of Lazarus operations. A stolen but valid certificate was enough because, as ESET noted, VeraPort checks that a downloaded binary carries a valid digital signature without checking whom that signature belongs to. The researchers are still investigating the campaign.
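The weakness described above is a general one: "does this binary carry a valid signature from some trusted signer?" is a different question from "is this the signer and the content the installer expected?". The following Python model is an added example, not ESET's code nor WIZVERA's; the trust store, publisher names, manifest entry and binaries are all constructed for illustration, and HMAC stands in for a real signature-chain check only so that the example runs offline. It contrasts a weak verifier that accepts any valid signature with a strict verifier that also pins the expected publisher and the expected SHA-256 of each download.

```python
"""Weak vs. strict verification of downloads listed in an installer manifest.

Added example (hypothetical). HMAC over a shared secret stands in for
"signature chains to a trusted CA"; it is NOT how Authenticode works.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed trust store: signer id -> (private-key stand-in, certificate subject).
# Both entries are "valid" certificates; cert-B plays the stolen one.
TRUST_STORE = {
    "cert-A": (b"secret-A", "Legit Security Vendor Co."),
    "cert-B": (b"secret-B", "Other IT Company Ltd."),
}


@dataclass(frozen=True)
class SignedBinary:
    name: str
    content: bytes
    signer_id: str
    signature: bytes


@dataclass(frozen=True)
class ManifestItem:
    """One entry of a hypothetical integration-installer configuration."""
    name: str
    expected_publisher: str
    expected_sha256: str


def sign(name: str, content: bytes, signer_id: str) -> SignedBinary:
    secret, _ = TRUST_STORE[signer_id]
    sig = hmac.new(secret, content, hashlib.sha256).digest()
    return SignedBinary(name, content, signer_id, sig)


def signature_is_valid(b: SignedBinary) -> bool:
    """Stand-in for 'signature verifies and chains to a trusted root'."""
    entry = TRUST_STORE.get(b.signer_id)
    if entry is None:
        return False
    expected = hmac.new(entry[0], b.content, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b.signature)


def weak_verify(item: ManifestItem, b: SignedBinary) -> bool:
    """Accepts any valid signature from any trusted signer (the flawed check)."""
    return signature_is_valid(b)


def strict_verify(item: ManifestItem, b: SignedBinary) -> tuple:
    """Requires a valid signature, the expected publisher, and the expected hash."""
    if not signature_is_valid(b):
        return False, "signature invalid or signer not trusted"
    publisher = TRUST_STORE[b.signer_id][1]
    if publisher != item.expected_publisher:
        return False, f"signed by {publisher!r}, expected {item.expected_publisher!r}"
    if hashlib.sha256(b.content).hexdigest() != item.expected_sha256:
        return False, "content hash does not match manifest"
    return True, "ok"


# Constructed sample data: the legitimate plug-in and an attacker payload.
LEGIT = b"MZ...legit-security-plugin..."
MALICIOUS = b"MZ...attacker-payload..."
ITEM = ManifestItem("security-plugin.exe", "Legit Security Vendor Co.",
                    hashlib.sha256(LEGIT).hexdigest())


def run_scenario() -> dict:
    legit = sign(ITEM.name, LEGIT, "cert-A")
    # Attacker replaced the binary on the server and signed it with stolen cert-B.
    swapped = sign(ITEM.name, MALICIOUS, "cert-B")
    # Attacker tampered with the bytes but kept the original signature.
    tampered = SignedBinary(ITEM.name, MALICIOUS, "cert-A", legit.signature)
    return {
        "legit_weak": weak_verify(ITEM, legit),
        "legit_strict": strict_verify(ITEM, legit),
        "swapped_weak": weak_verify(ITEM, swapped),
        "swapped_strict": strict_verify(ITEM, swapped),
        "tampered_weak": weak_verify(ITEM, tampered),
        "tampered_strict": strict_verify(ITEM, tampered),
    }


if __name__ == "__main__":
    for case, result in run_scenario().items():
        print(f"{case:16} {result}")
```

The point of the model is the "swapped" case: the signature is perfectly valid and the signer is a genuinely trusted company, so a validity-only check passes, while pinning the publisher (or certificate thumbprint) per manifest item and the expected hash rejects it. On Windows the equivalent strict check is to inspect the signer certificate returned by the signature API rather than only its status.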