The Seoul skyline in South Korea (Flickr – Laurie Nevayhttps://www.flickr.com/photos/laurienevay/, CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0, via Wikimedia Commons).
A newly reported supply chain attack involved malicious hackers compromising financial and government websites so they would deliver malware to unsuspecting visitors. The tactic demonstrates the risks involved with requiring users to download software in order use your site properly.
In a blog post this week, researchers from ESET accuse the North Korean APT group known as Lazarus Group or Hidden Cobra of perpetrating an attack against certain South Korean websites that, ironically enough, require visitors to install specialized security software on their devices before they can use the site.
This installation process is enabled via a downloadable integration installation application called Wizvera VeraPort. According to ESET, some websites are mandated to have Wizvera VeraPort installed for users so that any necessary browser plug-ins, security software or identity verification software can be automatically in ..
Support the originator by clicking the read the rest link below.
