The Cyber Security News
Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

March 8, 2023

The North Korean threat actor known as Lazarus Group has been observed exploiting flaws in unnamed software to gain access to a South Korean financial company twice last year. The news comes from security researchers at Asec, who published an advisory about the attacks on Tuesday.

The company recorded the first of the attacks in May 2022, while the second occurred in October of the same year. Both operations reportedly relied on the same zero-day vulnerability.

“During the infiltration in May 2022, the affected company was using a vulnerable version of a certificate program that was commonly used by public institutions and universities,” reads the Asec advisory.

“After the incident, they updated all of their software to the latest versions. However, the Lazarus group used the software’s zero-day vulnerability to carry out their infiltration this time.”

Asec said that, after discovering the flaw, it disclosed it to the Korea Internet & Security Agency (KISA).

“Since the vulnerability has not been fully verified yet and a software patch has not been released, we will be omitting the manufacturer and software from this article,” Asec wrote.

From a technical standpoint, the threat actors used a Bring Your Own Vulnerable Driver (BYOVD) technique to exploit the software’s vulnerable driver kernel modules and disable security products on infected machines.

“Additionally, they would perform anti-forensic techniques to hide their malicious behaviors by either changing file names before deleting them or modifying timestamps,” explained Asec.

More generally, the security researchers noted that while the certificate software in question is commonly used in Korea, it does not feature auto-updates.

“Since such software is not updated automatically, it has to be manually patched to the latest version or deleted if unused.”

Further, as the target company was re-infiltrated by the same hacker group using a similar method, Asec recommended specific guidelines for companies to protect against comparable attacks.

“Instead of taking only post-attack measures, continuous monitoring is required to prevent recurrences.”

The Asec advisory comes weeks after Eset researchers linked a payload of the Wslink downloader named WinorDLL64 to Lazarus Group threat actors.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
