The Cyber Security News
Lazarus Group Attack Identified After Operational Security Fail

February 2, 2023

A ransomware attack targeting research, healthcare and energy sector companies has been attributed to North Korea’s advanced persistent threat (APT) Lazarus Group after the threat actor committed an “operational security blunder.”

Writing in an email to Infosecurity, WithSecure said that after investigating the attack, the team connected it to a broader intelligence-gathering operation.

“While this was initially suspected to be an attempted BianLian ransomware attack, the evidence we collected quickly pointed in a different direction,” explained WithSecure senior threat intelligence researcher Sami Ruohonen.


“As we collected more evidence, we became more confident that the attack was carried out by a group connected to the North Korean government.”

According to the team, the new campaign showed several “noteworthy developments” compared with previous Lazarus Group activity.

These included the use of new infrastructure, such as the exclusive use of IP addresses without domain names, a modified version of the Dtrack backdoor and a new variant of the GREASE malware.

As for the operational security mistake mentioned by WithSecure, the team said the attacker used one of the roughly 1,000 IP addresses belonging to North Korea, which was observed connecting to an attacker-controlled web shell.

“Despite the opsec fails, the actor demonstrated good tradecraft and still managed to perform considered actions on carefully selected endpoints,” warned Tim West, head of threat intelligence at WithSecure.

“Even with accurate endpoint detection systems, organizations need to regularly consider how they respond to alerts, and also integrate targeted threat intelligence with regular hunts to provide better defense in depth, especially against capable and skilled adversaries.”

The attackers reportedly managed to exfiltrate 100GB of data, but WithSecure said they had taken no destructive action by the point of disruption.

More information about the attack and the malware used is available in a full advisory published by WithSecure earlier today.

The technical write-up comes weeks after the FBI confirmed Lazarus Group was behind last year’s $100m theft from cryptocurrency firm Harmony.

Some parts of this article are sourced from:
www.infosecurity-magazine.com
