North Korea could accelerate commercial espionage to meet Kim’s economic deadline

Perhaps more than any other nation-state, North Korea-linked hackers have shown no limits in what they will target – from a Hollywood entertainment company to a Bangladeshi bank. Divining a method to the madness is key to warning potential victims. And analysts say that foreign corporations and defectors have been high on the list of Pyongyang’s potential targets lately. On New Year’s Day, North Korean dictator Kim Jong Un delivered his annual address, telling North Koreans, and the world, what would preoccupy his reclusive regime’s time in the coming months. The message was clear: with its nuclear weapons program well underway, Pyongyang would continue to try to develop its anemic economy. “The might of the independent socialist economy should be further strengthened,” he said. By 2020, according to its national economic development plan, North Korea wants to make advances in key sectors like coal, agriculture, and machinery, and time is running out. North Korea’s cyber […]

The post North Korea could accelerate commercial espionage to meet Kim’s economic deadline appeared first on CyberScoop.

Windows VCF Zero-Day Exploit Allows Remote Code Execution

A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability was discovered by a security …

Ryuk Hauls in $3.7M in ‘Earnings,’ Adds TrickBot to the Attack Mix

The malware’s operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some — others say there’s no concrete evidence.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

Microsoft Patches Another Actively Exploited Zero-Day Vulnerability

Microsoft released security updates for its products Dec. 11, fixing 38 vulnerabilities including a privilege escalation flaw in the Windows kernel that has been exploited by cyberespionage groups since October. The zero-day vulnerability, tracked as …

Hacking campaign on nuclear, defense sectors shares Lazarus Group tools, report says

Hackers behind a new campaign of cyberattacks that have targeted international critical infrastructure facilities are using malicious code linked to North Korea, according to research published Wednesday. Researchers from McAfee said “Operation Sharpshooter” has numerous technical links to the Lazarus Group, the group of suspected North Korean government hackers blamed for the 2014 breach at Sony Pictures and other well-publicized attacks. Operation Sharpshooter used a hacking tool called “Rising Sun” to target 87 organizations, mostly in the U.S., between October and November of this year, McAfee said. The cybersecurity vendor did not flatly tie this campaign to the North Korean government. “Attributing an attack to any threat group is often riddled with challenges, including potential ‘false flag’ operations by other threat actors,” the research states. “Technical evidence alone is not sufficient to attribute this activity with high confidence. However, based on our analysis, this operation shares multiple striking similarities with […]

The post Hacking campaign on nuclear, defense sectors shares Lazarus Group tools, report says appeared first on CyberScoop.

APT28 Pulls Out New Malware Cannon

The notorious Russian cyberespionage group known as APT28, Fancy Bear and Sofacy is targeting government organizations using a new Trojan program called Cannon. Researchers from Palo Alto Networks detected new spear-phishing campaigns from APT28 at th…

Symantec researchers dissect North Korean malware used in ATM attacks

As the North Korean government has felt the bite of international sanctions, its hackers have reportedly carried out damaging raids on financial institutions to raise cash. Few operations capture that naked ambition more clearly than a scheme that has reportedly stolen tens of millions of dollars from ATMs in Africa and Asia. On Thursday, researchers from cybersecurity company Symantec detailed how the malware used in the ATM scheme intercepts fraudulent withdrawal requests and sends messages approving those withdrawals. The Lazarus Group, a broad set of North Korean hackers, is responsible for the so-called FastCash operation, according to Symantec. “FASTCash illustrates that Lazarus possesses an in-depth knowledge of banking systems and transaction processing protocols and has the expertise to leverage that knowledge in order to steal large sums from vulnerable banks,” Symantec researchers wrote in a blog post. The scheme has triggered simultaneous withdrawals from ATMs in 23 countries this year […]

The post Symantec researchers dissect North Korean malware used in ATM attacks appeared first on Cyberscoop.
