Image Credit: Securelist

Lazarus group evolves its infection chain with old and new malware

  • The Lazarus group delivered archive files containing malicious components, built from both new and old malware samples, to two employees associated with the same nuclear-related organization.
  • The group used multiple types of malware, including a downloader, a loader, and a backdoor.
  • The DeathNote campaign is a series of cyber attacks by the Lazarus group that distributes its malicious software components by exploiting fake job opportunities to target employees in various sectors.
  • The Lazarus group tends to pose as recruiters and contact targets on platforms such as LinkedIn, Telegram, and WhatsApp.
  • It has been distributing trojanized remote access tools and convincing targets to connect to a specific server for a skills assessment.
  • The recently discovered attack reused the same method of distributing trojanized remote access tools, but the infection chain has completely changed.
  • The group delivered malicious compressed ISO files to its victims to go undetected, since ZIP archives are easily detected by many services.
  • The malware-to-malware flowchart of the group's chain defines the cookies and payloads sent and received between its malware components.
  • CookiePlus is a new modular malware introduced by the Lazarus group that disguises itself as open-source plugins.
  • The group has been using compromised web servers running WordPress as C2s for most of its campaigns.