Lazarus group apt

The Lazarus Group is believed to be a North Korean state-sponsored hacking organization. The group has conducted many cyberattacks over the past decade and is believed to be behind the cyberattack on Sony Pictures in 2014 and the WannaCry ransomware attacks in 2017. Attacks are performed for financial gain and to achieve the political goals of the North Korean regime. The goal of these attacks appears to be to steal COVID-19 vaccine data to advance COVID-19 vaccine development in North Korea. Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations. Kaspersky has warned all organizations involved in COVID-19 research or vaccine development to be on high alert for cyberattacks, as research and vaccine data is being sought by many APT groups.

While the wAgent and Bookcode malware variants do not share much of the same code, they both have similar functions and act as fully featured, persistent backdoors that allow the operators to gain full control of infected devices.

Lazarus hackers have also previously delivered Bookcode malware via spear phishing campaigns and strategic website compromise.

Kaspersky has confirmed the Lazarus Advanced Persistent Threat (APT) group has conducted two cyberattacks on entities involved in COVID-19 vaccine research. The cyberattacks occurred in the fall of 2020, with the APT group using different tactics, techniques and procedures (TTPs) in each of the attacks. One attack was performed in October on a government health ministry using sophisticated malware known to Kaspersky as wAgent. The second attack was on a pharmaceutical company on September 25 and saw Bookcode malware deployed. While the TTPs were different in both attacks, both malware variants are connected to the Lazarus group and there were similarities in the post-exploitation process. The same infection scheme was used to deliver wAgent malware as was observed in previous Lazarus group cyberattacks on cryptocurrency businesses, and Kaspersky had previously concluded that Bookcode malware is used exclusively by the Lazarus group. The attack on the government health ministry saw two Windows servers compromised, but the researchers were unable to identify the initial infection vector. While the initial attack vector in the pharmaceutical company cyberattack could not be confirmed, Lazarus group previously conducted an attack on a South Korean software company and the researchers suspect the hackers may have compromised the company’s source code for use in a supply chain attack.