Hackers linked to North Korea targeted Indian medical org, energy sector

The North Korean military’s notorious hacking arm – known as the Lazarus Group – has been accused of targeting public and private sector research organizations, an Indian medical research company and other businesses in the energy sector.

Security analysts at WithSecure said they were called on to respond to a cyberattack that they initially tied to the BianLian group – a ransomware gang that has targeted the health care, education, insurance and media industries since at least December 2021. But on closer examination, they assessed that several key factors pointed to Lazarus.

“One of the victims was in the health care research vertical within India. In recent years the Indian research and technology sector has been a common target of those North Korean threat groups with a focus on intelligence collection,” the researchers said. “Other victims of this campaign identified by WithSecure included health care research, a manufacturer of technology used in energy, research, defense, and health care verticals, as well as the chemical engineering department of a leading research university.”

The researchers named the campaign “No Pineapple” due to an error message that was found in the code of a backdoor tool found during their investigation.

The attackers were focused on intelligence gathering, and started with an attack on an unnamed company that was exploited through CVE-2022-27925 and CVE-2022-37042 – two bugs affecting digital collaboration platform Zimbra that U.S. agencies expressed concern about in August 2022.

The hackers used the bugs to gain access to a Zimbra mail server at the end of August 2022 and likely exfiltrated the contents of the mailboxes. By October 2022, the group moved laterally to another vulnerable device on the network and used malware to eventually steal 100 GB of data on November 5.

Despite the massive amounts of data stolen, the group never took destructive actions while in the victim network.

We assess that this attack campaign is coming the 3rd Bureau of North Korean People’s Army. We believe North Korea used this attack for technological and commercial espionage.

The researchers attributed the attack to the Lazarus Group based on the malware used and several operational mistakes made by the group during their intrusion. The infrastructure used by the group during the attack has been tied to previous Lazarus campaigns identified by other security companies.

“The overall toolkit of the threat actor is very similar to other reported instances of North Korean groups,” the researchers said. “The usage of Dtrack and Grease malware has been previously associated with Kimsuky, while Dtrack is also in the Lazarus arsenal. The toolkit aligns with other reporting of this campaign from Talos Intelligence and Symantec.”