Kaspersky’s Global Research and Analysis Team (GReAT) presented findings on a new campaign by the Lazarus hacker group targeting organizations around the world at the Security Analyst Summit (SAS).
researchers Kaspersky revealed this was a targeted attack aimed at spreading malware through the company’s legitimate software.
The GReAT team discovered a string of cyberattacks in which targets were infected via malware masquerading as legitimate software, designed to encrypt web traffic with digital certificates. ). However, organizations around the world continued to use the problematic version of the software even after the vulnerabilities were discovered and patched, creating an opportunity for the Lazarus group to conduct cyberattacks.
Cyber attackers take control of victims with “SIGNBT” malware and use sophisticated evasion techniques to avoid detection. The LPEClient tool was also used in this campaign. In the past, cyber attackers have also used this tool to target nuclear engineers, defense contractors, and the cryptocurrency market. In addition to serving as the initial point of infection, the malware also collects information to profile victims and distribute payloads.
Further investigations revealed the Lazarus group’s malware repeatedly targeted software vendors. The continuous frequency of attacks shows this group of hackers’ motivation to disrupt the software supply chain and their determination to steal important company source code. Accordingly, attackers continuously exploit vulnerabilities in the company’s software and expand the scope of spread by targeting other companies using unpatched versions of the software. Kaspersky Endpoint Security solution detected the threat and provided measures to prevent further attacks.
“The continuous attacks by the Lazarus hacker group are a testament to the changing tactics and attack efforts of cybercriminals. They operate on a global scale, targeting many industries with sophisticated methods of operation. This shows that the threat is still present and requires everyone to be highly vigilant,” Mr. Seongsu Park, Head of Security Research at the Global Research and Analysis Group (GReAT) at Kaspersky said.
To prevent the risk of becoming a victim of a targeted attack, Kaspersky researchers advise users to take the following measures:
- Regularly update your operating system, applications, and antivirus software to stay protected from potential vulnerabilities and security risks.
- Be cautious with emails, texts, or calls asking for sensitive information. Verify the identity of the person requesting the information before sharing any personal data or clicking on suspicious links.
- Grant access to the latest threat intelligence to the Security Operations Center (SOC). Kaspersky Threat Intelligence Portal is Kaspersky’s single point of access for threat intelligence, cyber attack data, and insights collected over 20 years.
