Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a broad range of downstream entities.
The latest intelligence-gathering operation involved the use of the MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky.
In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank's network in June 2021. The other attack, on the Latvian company in May, is an "atypical target" for Lazarus, the researchers said.
It is not clear whether Lazarus tampered with the IT vendor's software to distribute the implants or whether the group abused its access to the firm's network to breach other customers. The Russian cybersecurity company is tracking the campaign under the DeathNote cluster.
That is not all. In what appears to be a distinct cyber-espionage campaign, the adversary has also been spotted leveraging the multi-platform MATA malware framework to carry out an array of malicious activities on infected machines. "The actor delivered a Trojanized version of an application known to be used by their victim of choice, representing a known characteristic of Lazarus," the researchers noted.
According to previous findings by Kaspersky, the MATA campaign is capable of targeting Windows, Linux, and macOS operating systems, with the attack infrastructure enabling the adversary to carry out a multi-stage infection chain that culminates in the loading of additional plugins. Those plugins give the operators access to a wealth of information, including files stored on the device, let them extract sensitive database information, and allow them to inject arbitrary DLLs.
Beyond Lazarus, a Chinese-speaking APT threat actor, suspected to be HoneyMyte, was found adopting the same tactic: a fingerprint scanner software installer package was modified to install the PlugX backdoor on a distribution server belonging to a government agency in an unnamed country in South Asia. Kaspersky referred to the supply-chain incident as "SmudgeX."
The development comes as cyber attacks aimed at the IT supply chain have emerged as a top concern in the wake of the 2020 SolarWinds intrusion, highlighting the need to adopt strict account security practices and take preventive steps to secure enterprise environments.