The Crypto Game of Lazarus APT: Investors vs. Zero-days
Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our...
Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm
By Deeba Ahmed. Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network. This is a post from HackRead.com. Read the original post: Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm...
Lazarus and the tale of three RATs
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMware Horizon to gain an initial foothold in...
Lazarus is back, targeting organizations with cryptocurrency thefts via TraderTraitor malware
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint Cybersecurity Advisory (CSA) to make organizations in the blockchai...
LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users
By Deeba Ahmed. The Lazarus APT group is backed by the North Korean government and is currently targeting organizations and unsuspecting users… This is a post from HackRead.com. Read the original post: LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users...
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to...
Lazarus APT Hackers are now using BMP images to hide RAT malware
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group...
Lazarus APT conceals malicious code within BMP image to drop its RAT
This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean threat actors and has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a...
Lazarus Targets Defense Companies with ThreatNeedle Malware
The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed. The elaborate and ongoing cyberespionage campaign used emails with COVID-19...
TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control (UAC) to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs te...
Threat Analysis Unit (TAU) Threat Intelligence Notification: OSX.Yort
In March 2019 Kaspersky published an article about the Lazarus APT group's continued targeting of financial entities. Their report noted that this new campaign being tracked was targeting both Windows and macOS users. The campaign used both malicious PowerShell scripts on Windows as well as macO...
Olympic Destroyer Returns to Target Biochemical Labs
Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishi...
Metadata Analysis Draws its Own Conclusions on WannaCry Authors
The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks. Tha...
WannaCry Shares Code with Lazarus APT Samples
As the first inkling of attribution emerged in the WannaCry ransomware outbreak, researchers found another attack using the same leaked NSA attack tools to spread the Adylkuzz cryptocurrency miner. Kafeine, a well-known exploit researcher who works for Proofpoint, said Monday that this attack cou...
Security Analyst Summit 2017 Day One Recap
SINT MAARTEN—Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, Thomas Rid, Daniel Moore, Juan Andres Guerrero-Saade, and Costin Raiu’s Moonlight Maze talk, ATM hacking, and the Lazarus APT. Download:...