Found 26 bookmarks
Custom sorting
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
APT Lazarus has begun attempting to smuggle code using custom extended attributes. Extended attributes are metadata that can be associated with files and directories in various file systems. They allow users to store additional information about a file beyond the standard attributes like file size, timestamps, and permissions.
#group-ib#EN#2024#Extended#attributes#macos#Smuggling#APT#Lazarus
·group-ib.com·
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
#bleepingcomputer#EN#2024#Your#Lazarus#Own#BYOVD#Driver#Zero-Day#Vulnerability#Bring#CVE-2024-38193#Group#Microsoft
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
N. Korean hacking group stole massive amount of personal info from S. Korean court computer network
N. Korean hacking group stole massive amount of personal info from S. Korean court computer network
A North Korean hacking group had stolen a massive amount of personal information from a South Korean court computer network, probe results showed on Saturday. A total of 1,014 gigabytes worth of data and documents were leaked from Seoul's court computer network between January 2021 and February 2023 by the hacking group, presumed to be Lazarus, according to the joint probe by the police, the prosecution and the National Intelligence Service.
#m-en.yna.co.kr#North-Korea#stolen#Seoul#Lazarus#Court#South-Korea
·m-en.yna.co.kr·
N. Korean hacking group stole massive amount of personal info from S. Korean court computer network
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
#avast#EN#2024#Lazarus#FudModule#CVE-2024-21338#vulnerability
·decoded.avast.io·
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.
#microsoft#EN#Lazarus#Supply-chain-attack#CyberLink
·microsoft.com·
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
New macOS 'KandyKorn' malware targets cryptocurrency engineers
New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain. Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.
#bleepingcomputer#EN#2023#macOS#Lazarus#Discord#Python-based#cryptocurrency#engineers#Targeted
·bleepingcomputer.com·
New macOS 'KandyKorn' malware targets cryptocurrency engineers
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.
#securelist#APT#Backdoor#Data-theft#Lazarus#Malware-Descriptions#Gopuram#guard64.dll#3CX
·securelist.com·
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
#WithSecure#2023#EN#Case-study#Report#Lazarus#attack
·labs.withsecure.com·
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT: Lazarus’ latest gateway into victim networks
  • Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. * Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. * We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. * TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.
#talosintelligence#EN#2022#MagicRAT#Lazarus#Lazarus-Group#North-Korea#TigerRAT#RAT
·blog.talosintelligence.com·
MagicRAT: Lazarus’ latest gateway into victim networks
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.
#welivesecurity#EN#2022#Lazarus-Group#military#Europe#Lazarus#Operation#North-Korea
·welivesecurity.com·
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.
#securelist#APT#Backdoor#Data-theft#Lazarus#Malware-Descriptions#Gopuram#guard64.dll#3CX
·securelist.com·
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
#WithSecure#2023#EN#Case-study#Report#Lazarus#attack
·labs.withsecure.com·
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT: Lazarus’ latest gateway into victim networks
* Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. * Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. * We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. * TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.
#talosintelligence#EN#2022#MagicRAT#Lazarus#Lazarus-Group#North-Korea#TigerRAT#RAT
·blog.talosintelligence.com·
MagicRAT: Lazarus’ latest gateway into victim networks
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.
#welivesecurity#EN#2022#Lazarus-Group#military#Europe#Lazarus#Operation#North-Korea
·welivesecurity.com·
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.
#welivesecurity#EN#2022#Lazarus-Group#military#Europe#Lazarus#Operation#North-Korea
·welivesecurity.com·
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity