#Lazarus group apt software#
After the incident, the company updated all their software to the latest versions. It is used by the Lazarus group against a wide variety of targets. Initially discovered in 2019, the backdoor remains in use three years later. According to Kaspersky, the APT compromised multiple servers and uploaded several malicious scripts in the process. The hacking group had stolen the digital certificate from a US-based South Korean security company. The report therefore does not name the affected software.ĭuring the infiltration in May 2022, the affected financial company was using a vulnerable version of a certificate program that was commonly used by public institutions and universities. minute read Authors Konstantin Zykov Jornt van der Wiel Introduction DTrack is a backdoor used by the Lazarus group. During the attack, the North Korean APT deployed a compromised downloader Racket signed with a stolen digital certificate.
#Lazarus group apt Patch#
The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to a research by AhnLab Security Emergency Response Center (ASEC).ĪSEC reported the software in question to the Korean Internet and Security Agency since the vulnerability has not been fully verified yet and a software patch has not been released. APT38, APT 38, Stardust Chollima, Whois Hacking Team, Zinc, Appleworm.
The attacks involved modifications of the well-known malware, DTrack, as well as the use of the brand-new Maui ransomware. Commercial reporting has referred to this activity as Lazarus Group and Guardians. Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. Woburn, MA Aug Kaspersky experts have uncovered new attacks by Andariel, an advanced persistent threat (APT) subgroup of Lazarus, known for its campaigns in South Korea.
0 kommentar(er)
