![]() In many cases, malicious files are DLL components that were side-loaded by legitimate EXEs, but from an unusual location in the file system. The commonality between the droppers was that they are trojanized open-source projects that decrypt the embedded payload using modern block ciphers with long keys passed as command line arguments. The attackers deployed several malicious tools on each system, including droppers, loaders, fully featured HTTP(S) backdoors, HTTP(S) uploaders and downloaders. Attacks started after these documents were opened. The complexity of the attack indicates that Lazarus consists of a large team that is systematically organized and well prepared.īoth targets were presented with job offers – the employee in the Netherlands received an attachment via LinkedIn Messaging, and the person in Belgium received a document via email.Lazarus also used in this campaign their fully featured HTTP(S) backdoor known as BLINDINGCAN.It uses techniques against Windows kernel mechanisms that have never been observed in malware before. This tool, in combination with the vulnerability, disables the monitoring of all security solutions on compromised machines.This vulnerability affects Dell DBUtil drivers Dell provided a security update in May 2021. The most notable tool used in this campaign represents the first recorded abuse of the CVE‑2021‑21551 vulnerability. ![]() The Lazarus campaign targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium.It is responsible for high-profile incidents such as both the Sony Pictures Entertainment hack and tens-of-millions-of-dollar cyberheists in 2016, the WannaCryptor (aka WannaCry) outbreak in 2017, and a long history of disruptive attacks against South Korean public and critical infrastructure since at least 2011. Lazarus (also known as HIDDEN COBRA) has been active since at least 2009. The primary goal of the attackers was data exfiltration. The campaign started with spearphishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium. ESET researchers uncovered and analyzed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during the autumn of 2021.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |