comparemela.com

Latest Breaking News On - Vyacheslav Kopeytsev - Page 3 : comparemela.com

Lazarus rises again, targets defense industry

Mar 2, 2021. Kaspersky researchers have identified a new, previously unknown campaign from Lazarus, a highly prolific advanced threat actor active since at least 2009 that has been linked to a number of multifaceted campaigns. Since early 2020, it has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle. The backdoor moves laterally through infected networks, gathering sensitive information. Lazarus is one of today’s most prolific threat actors. Active since at least 2009, Lazarus has been involved in large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. While over the past few years they have been focusing on financial institutions, at the beginning of 2020 they appear to have added the defense industry to their “portfolio”.

Malware tied to espionage campaign against defense industry

Workers stand near a Pratt & Whitney engine on a Boeing KC-46A Pegasus aerial refueling jet built for the U.S. Air Force at Boeing’s airplane production facility on February 22, 2021 in Everett, Washington. Details emerged about a phishing campaign targeting global defense companies. (David Ryder/Getty Images)

Researchers at Kaspersky have tied a piece of malware used by Lazarus Group, last seen targeting security vulnerability researchers earlier this year, to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors across 12 countries since 2020. Kaspersky researchers Vyacheslav Kopeytsev and Seongsu Park write that the group first gained an initial foothold through spearphishing emails. Many referenced or played off the global COVID-19 pandemic, while other example emails appeared to mimic job postings for defense contractors. Those emails contained a malicious Microsoft Word macro attachment

Lazarus APT group discovered targeting the defense industry

Before this most recent campaign, the hackers had been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction. Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor. The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.

© 2024 Vimarsana