The Cyber Security News

Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

March 8, 2023

The North Korean threat actor known as Lazarus Group has been observed exploiting flaws in unnamed software to gain access to a South Korean financial company twice last year. The news comes from security researchers at Asec, who published an advisory about the attacks on Tuesday.

The company recorded the first of the attacks in May 2022, while the second occurred in October of the same year. Both operations reportedly relied on the same zero-day vulnerability.

“During the infiltration in May 2022, the affected company was using a vulnerable version of a certificate program that was commonly used by public institutions and universities,” reads the Asec advisory.


“After the incident, they updated all of their software to their latest versions. However, the Lazarus group used the software’s zero-day vulnerability to carry out their infiltration this time.”

Asec said that, after discovering the flaw, it disclosed it to the Korea Internet & Security Agency (KISA).

“Since the vulnerability has not been fully verified yet and a software patch has not been released, we will be omitting the manufacturer and software from this article,” Asec wrote.

From a technical standpoint, the threat actors used a Bring Your Own Vulnerable Driver (BYOVD) technique to exploit the software’s vulnerable driver kernel modules and disable security products on infected machines.

“Additionally, they would perform anti-forensic techniques to hide their malicious behaviors by either changing file names before deleting them or modifying timestamps,” explained Asec.

More generally, the security researchers noted that while the certificate software in question is commonly used in Korea, it does not feature auto-updates.

“Since such software is not updated automatically, it has to be manually patched to the latest version or deleted if unused.”

Further, as the target company was re-infiltrated by the same hacker group using a similar technique, Asec recommended specific guidelines for companies to protect against similar attacks.

“Instead of taking only post-attack measures, continuous monitoring is required to prevent recurrences.”

The Asec advisory comes weeks after Eset researchers linked a payload of the Wslink downloader named WinorDLL64 to Lazarus Group threat actors.

Some parts of this article are sourced from:
www.infosecurity-magazine.com
