The Cyber Security News
North Korean Hackers Using Windows Update Service to Infect PCs with Malware

January 28, 2022

The infamous Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its goals.

The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Korea-based nation-state hacking group that has been active since at least 2009. Last year, the threat actor was linked to an elaborate social engineering campaign targeting security researchers.


The latest spear-phishing attacks, which Malwarebytes detected on January 18, originate from weaponized documents with job-themed lures impersonating the American global security and aerospace company Lockheed Martin.

Opening the decoy Microsoft Word file triggers the execution of a malicious macro embedded within the document that, in turn, executes a Base64-decoded shellcode to inject a number of malware components into the explorer.exe process.

In the next stage, one of the loaded binaries, “drops_lnk.dll,” leverages the Windows Update client to run a second module called “wuaueng.dll.” “This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms,” researchers Ankur Saini and Hossein Jazi noted.

The cybersecurity firm characterized “wuaueng.dll” as “one of the most important DLLs in the attack chain,” whose main purpose is to establish communications with a command-and-control (C2) server – a GitHub repository hosting malicious modules masquerading as PNG image files. The GitHub account is said to have been created on January 17, 2022.
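Detection logic for the Windows Update client abuse described above, as an added example (not code from the article or from Malwarebytes): it triages constructed Sysmon-style process-creation records and flags wuauclt.exe when it runs from outside the system directories or is told to load a DLL that lives outside them, which is the anomaly that separates the technique from routine update activity. The record field names, sample paths and the placeholder switch are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style process-creation records (sample input, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wuauclt.exe",           # routine update check
     "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r'"C:\Windows\System32\wuauclt.exe" /ReportNow'},
    {"image": r"C:\Windows\System32\wuauclt.exe",           # real client, foreign DLL
     "parent": r"C:\Windows\explorer.exe",
     # Switch is a placeholder; the rule keys on the DLL path, not on any switch.
     "cmdline": r"wuauclt.exe /placeholder-switch C:\ProgramData\wuaueng.dll"},
    {"image": r"C:\Users\bob\AppData\Local\Temp\wuauclt.exe",  # masquerading binary
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"wuauclt.exe /detectnow"},
]

# Directories where the genuine Windows Update client and its DLLs live.
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows\System32"),
               PureWindowsPath(r"C:\Windows\SysWOW64"))

# Any absolute path ending in .dll, quoted or not, anywhere on the command line.
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"\s]+?\.dll)"?', re.IGNORECASE)


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in System32 or SysWOW64 (case-insensitive)."""
    parent = PureWindowsPath(path).parent
    return any(parent == d for d in SYSTEM_DIRS)


def dll_paths(cmdline: str) -> list[str]:
    """Every absolute .dll path mentioned on a command line."""
    return DLL_RE.findall(cmdline)


def triage(events) -> list[tuple[int, str]]:
    """Return (event index, reason) for every wuauclt.exe record worth a look."""
    findings = []
    for i, ev in enumerate(events):
        if PureWindowsPath(ev["image"]).name.lower() != "wuauclt.exe":
            continue
        if not in_system_dir(ev["image"]):
            findings.append((i, f"wuauclt.exe running from non-system path {ev['image']}"))
        for dll in dll_paths(ev["cmdline"]):
            if not in_system_dir(dll):
                findings.append((i, f"Windows Update client given DLL outside system dirs: {dll}"))
    return findings


if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

A legitimate wuaueng.dll also exists in System32; the rule fires only when a same-named DLL is referenced from somewhere else, so routine update checks produce no findings.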


Malwarebytes said that the links to Lazarus Group are based on several pieces of evidence tying them to earlier attacks by the same actor, including infrastructure overlaps, document metadata, and the use of a job opportunities template to single out its victims.

“Lazarus APT is one of the advanced APT groups that is known to target the defense sector,” the researchers concluded. “The group keeps updating its toolset to evade security mechanisms. Even though they have used their old job theme method, they employed several new techniques to bypass detections.”



Some parts of this article are sourced from:
thehackernews.com
