1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • North Korean hackers are carrying out even more cyberattacks than

    From TechnologyDaily@1337:1/100 to All on Mon Nov 27 16:15:04 2023
    North Korean hackers are carrying out even more cyberattacks than previously thought

    Date:
    Mon, 27 Nov 2023 16:05:25 +0000

    Description:
    Three separate campaigns were spotted in the last few months alone, with most being supply chain attacks.

    FULL STORY ======================================================================

    The Lazarus Group and its subsidiaries are running even more hacking
    campaigns than previously thought. Three separate campaigns linked to North Koreas most active state-sponsored threat actors have been reported in recent weeks, abusing various zero-days to steal sensitive information from target endpoints and deploy malware to establish persistence.

    BleepingComputer reported that the US National Cyber Security Centre (NCSC) and South Koreas National Intelligence Service (NIS) recently observed
    Lazarus abusing a zero-day in MagicLine4NX for supply chain attacks. MagicLine4NX is a security authentication software that allows secure logins for company employees.

    By leveraging the flaw, the group was able to drop malicious code onto the endpoints of their targets, conducting reconnaissance, data exfiltration, malware drops, lateral network movement, and more.

    Reader Offer: $50 Amazon gift card with demo
    Perimeter 81's Malware Protection intercepts threats at the delivery stage
    to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

    Preferred partner ( What does this mean? ) Funding nukes

    Finally, last week Microsoft warned of Lazarus targeting CyberLink, a known multimedia company from Taiwan. The group used this privilege to infect one
    of CyberLinks installers with malware, resulting in infections wherever the software was updated.

    The companies that grab the infected update will get LambLoad, a malware downloader that doesnt work on devices protected by FireEye, CrowdStrike, or Tanium, Microsoft added.

    If LambLoad spots none of these endpoint protection tools on the device, however, it will drop a fake PNG file that deploys the final payload. This payload can steal sensitive data, infiltrate software build environments, progress downstream, establish persistent access, and more.

    Lazarus is mostly interested in corporate espionage, financial fraud, and cryptocurrency theft. In fact, the group was behind one of the largest cryptocurrency heists of all time, when it managed to walk away with more
    than half a billion dollars in various cryptocurrencies from the Vietnamese Ronin bridge.

    Researchers speculate that the money is being used to fund North Koreas nuclear program. More from TechRadar Pro Microsoft claims CyberLink has been breached by North Korean hackers Here's a list of the best firewalls around today These are the best identity theft protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-are-carrying-out-e ven-more-cyberattacks-than-previously-thought


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)