hiltjade.blogg.se

Lazarus group apt
A ransomware attack targeting research, medical and energy sector organizations has been attributed to North Korea's advanced persistent threat (APT) Lazarus Group after the threat actor committed an "operational security mistake."

Writing in an email to Infosecurity, WithSecure said that after investigating the attack, its team linked it to a broader intelligence-gathering operation.

"While this was initially suspected to be an attempted BianLian ransomware attack, the evidence we collected quickly pointed in a different direction," explained WithSecure senior threat intelligence researcher Sami Ruohonen. "As we collected more evidence, we became more confident that the attack was conducted by a group connected to the North Korean government."

According to the team, the new campaign highlighted several "noteworthy developments" compared with previous Lazarus Group activity. These included the use of new infrastructure, such as the exclusive use of IP addresses with no domain names, a modified version of the Dtrack backdoor and a novel variant of the Grease malware.

As for the operational security mistake, the team said the attacker used one of the roughly 1,000 IP addresses belonging to North Korea, which was observed connecting to an attacker-controlled web shell.

"In spite of the opsec fails, the actor demonstrated good tradecraft and still managed to perform considered actions on carefully selected endpoints," warned Tim West, head of threat intelligence at WithSecure. "Even with accurate endpoint detection technologies, organizations need to continually consider how they respond to alerts, and also integrate focused threat intelligence with regular hunts to provide better defense in depth, particularly against capable and adept adversaries."

The attackers reportedly exfiltrated around 100GB of data, but WithSecure said they had taken no destructive action by the point of disruption.

The technical write-up comes weeks after the FBI confirmed Lazarus Group was behind last year's $100m theft from cryptocurrency firm Harmony. More information about the attack and the malware used is available in a complete advisory published by WithSecure earlier today.