Lazarus supply‑chain attack in South Korea


ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software



ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. To deliver their malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies.


Lazarus toolset


The Lazarus group was first identified in Novetta’s report Operation Blockbuster in February 2016; US-CERT and the FBI call this group HIDDEN COBRA. These cybercriminals rose to prominence with the infamous case of cybersabotage against Sony Pictures Entertainment.


Some of the past attacks attributed to the Lazarus group attracted the interest of security researchers, who relied on Novetta et al.’s white papers. These papers, hundreds of pages long, describe the tools used in the attacks (those on the Polish and Mexican banks, the WannaCryptor outbreak, phishing campaigns against US defense contractors, the Lazarus KillDisk attack against a Central American casino, etc.) and provide grounds for attributing these attacks to the Lazarus group.


Note that the Lazarus toolset (i.e., the collection of all files that are considered by the security industry as fingerprints of the group’s activity) is extremely broad, and we believe there are numero ..
