Latest Breaking News On - Threat analysis team - Page 2 : comparemela.com
Lazarus, advanced persistent threat group, targets the defense industry
ilonggotechblog.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from ilonggotechblog.com Daily Mail and Mail on Sunday newspapers.
Mar 2, 2021
Kaspersky researchers have identified a new, previously unknown, campaign from Lazarus, a highly prolific advanced threat actor active since at least 2009 that has been linked to a number of multifaceted campaigns.
Since early 2020, it has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle. The backdoor moves laterally through infected networks gathering sensitive information.
Lazarus is one of today’s most prolific threat actors. Active since at least 2009, Lazarus has been involved in large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. While the past few years they’ve been focusing on financial institutions, at the beginning of 2020, it appears they have added the defense industry to their “portfolio”.
Kaspersky den tehdit grubu Lazarus, savunma endüstrisini hedef alıyor tespiti
ogunhaber.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from ogunhaber.com Daily Mail and Mail on Sunday newspapers.
Before this most recent campaign, the hackers have been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction.
Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor.
The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.
Kaspersky researchers first became aware of this campaign when they were called in to assist with incident response, and they discovered that the organisation had fallen victim to a custom backdoor (a type of malware that allows complete remote control over the device).
Dubbed ThreatNeedle, this backdoor moves laterally through infected networks and extracts confidential information. So far, organisations in more than a dozen countries have been affected.
Advertisement
Initial infection occurs through spear-phishing; targets receive emails that contain either a malicious Word attachment or a link to one hosted on company servers. Oftentimes, the emails claimed to have urgent updates related to the pandemic and came, supposedly, from a respected medical center.
vimarsana © 2020. All Rights Reserved.