The infamous state-of-the-art persistent danger team (APT) Lazarus is behind two current cyber-attacks that focused two separate entities associated to COVID-19 research.
In a person attack, a Ministry of Wellness human body was strike with malware. The other incident involved the use of a different kind of malware towards a pharmaceutical firm that is producing a vaccine for the novel coronavirus. The organization is approved to produce and distribute the vaccine.
The attacks, which each occurred in the fall of 2020, were being recognized by researchers at Kaspersky. Regardless of the use of different practices, approaches, and methods (TTPs) in every single assault, the scientists have now assessed “with superior self esteem” that each destructive things to do can be attributed to the Lazarus team.
“Both equally attacks leveraged unique malware clusters that do not overlap a lot,” wrote researchers. “Even so, we can ensure that both equally of them are related to the Lazarus team, and we also uncovered overlaps in the submit-exploitation method.”
Scientists discovered that on October 27, two Windows servers belonging to the Ministry of Health entity had been compromised with complex malware known to Kaspersky as “wAgent.” Closer evaluation uncovered that the malware used towards the general public wellness office environment had the exact an infection plan as Lazarus’ earlier attacks on cryptocurrency organizations.
The attack on the pharmaceutical company took spot on September 25. Scientists found that the threat actor deployed Bookcode malware in a source-chain attack through a South Korean software package enterprise. This specific type of malware has been beforehand claimed by security vendor ESET to be related to Lazarus.
Bookcode and wAgent malware have identical functionalities, with both of those boasting a full-highlighted backdoor. Just after deploying the ultimate payload, the malware operator can choose manage of the victim’s equipment.
“These two incidents reveal Lazarus group’s curiosity in intelligence linked to COVID-19,” mentioned Seongsu Park, security skilled at Kaspersky. “While the team is largely identified for its economical functions, it is a excellent reminder that it can go after strategic exploration as nicely.”
Park went on to issue a grave warning to all companies striving to place an end to the lengthy-jogging world wide overall health pandemic.
“We feel that all entities at this time associated in routines these as vaccine investigation or disaster handling need to be on high notify for cyber-attacks,” stated Park.
Some pieces of this short article are sourced from: