Lazarus Group Targets South Korea via Supply Chain Attack

The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday.


Lazarus is the best-known hacker group believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations. Unsurprisingly, many of the group’s operations are aimed at South Korea, including an interesting attack that was observed in recent months by ESET.


The campaign, believed to be part of an operation dubbed BookCodes by the Korea Internet & Security Agency, has been linked to Lazarus based on various aspects, including the malware used in the attacks, victimology, and the infrastructure leveraged by the attackers.


According to ESET, the hackers have targeted WIZVERA VeraPort, a piece of software that users need in order to be able to access services provided by some government and banking websites in South Korea.


The cybersecurity firm’s researchers believe the hackers haven’t actually compromised WIZVERA systems, and instead they have targeted the websites that use the software.


The attackers compromise web servers with VeraPort support and configure them to serve a malicious file instead of legitimate software. The malicious file is served when a user who has the VeraPort software installed visits the website associated with the compromised server.


For the attack to work, the hackers needed to sign their malware, and in some cases they achieved this by abusing code-signing certificates issued to companies that provide physical and cyber security solutions.


The at ..
