North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses.

And although some of the fake companies and websites rarely pass the smell test - the links on these weaponized websites don’t always work - hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research.

Namely, the hacking outfit has been tweaking some of its malware, delivery mechanisms, and payloads in an attempt to decrease their chances of getting caught, according to Kaspersky.

In the last two years, multiple researchers have revealed some of Lazarus Group’s latest antics relying on front companies. The hackers have been using a fake company, “JMT Trading,” to install backdoors to funnel funds to Pyongyang, multiple researchers revealed in 2019, for example. The year prior, Kaspersky uncovered that these hackers were using another fake company, “Celas Trade Pro,” to target cryptocurrency exchanges. They have also used a fake website and company called “UnionCryptoTrader.”

North Korean hacking campaigns have traditionally been focused on avoiding detection and tricking victims into unwittingly helping fill the DPRK’s coffers, which have been hampered in recent years as a result of economic sanctions.

But some of the campaigns Kaspersky details reveal that, beyond just changing its tactics to evade detection, Lazarus Group has also been more selective in choosing victims.

In a campaign targeting Windows users, for instance, attackers have included a final payload that is designed to run only on certain systems that appear to be predesignated, according to Kaspersky.

“Upon launch, the malware retrieves the victim’s basic system information … If the response code from the C2 server is 200, the malware decrypts the payload and loads it in memory,” Kaspersky researchers write. “The final payload … was designed to run only on certain systems.”

The apparent increased specificity in targeting could indicate Lazarus Group is using previously gleaned intelligence, possibly from other hacking campaigns, to maximize its current fundraising efforts.

“It seems the actor wants to execute the final payload very carefully, and wants to evade detection by behavior-based detection solutions,” the researchers write.