• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • About Us
  • Contact Us
  • Block Examples
  • Landing Page

iHash

News and How to's

  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

Feb 26, 2021 by iHash Leave a Comment

North Korean Hacker

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.

Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual gamut of financially-motivated crimes to fund the cash-strapped regime.

This broadening of its strategic interests happened in early 2020 by leveraging a tool called ThreatNeedle, researchers Vyacheslav Kopeytsev and Seongsu Park said in a Thursday write-up.

At a high level, the campaign leverages a multi-step approach that begins with a carefully crafted spear-phishing attack leading eventually to the attackers gaining remote control over the devices.

ThreatNeedle is delivered to targets via COVID-themed emails with malicious Microsoft Word attachments as initial infection vectors that, when opened, run a macro containing malicious code designed to download and execute additional payloads on the infected system.

The next-stage malware functions by embedding its malicious capabilities inside a Windows backdoor that offers features for initial reconnaissance and deploying malware for lateral movement and data exfiltration.

“Once installed, ThreatNeedle is able to obtain full control of the victim’s device, meaning it can do everything from manipulating files to executing received commands,” Kaspersky security researchers said.

Kaspersky found overlaps between ThreatNeedle and another malware family called Manuscrypt that has been used by Lazarus Group in previous hacking campaigns against the cryptocurrency and mobile games industries, besides uncovering connections with other Lazarus clusters such as AppleJeus, DeathNote, and Bookcode.

North Korean Hacker

Interestingly, Manuscrypt was also deployed in a Lazarus Group operation last month, which involved targeting the cybersecurity community with opportunities to collaborate on vulnerability research, only to infect victims with malware that could cause the theft of exploits developed by the researchers for possibly undisclosed vulnerabilities, thereby using them to stage further attacks on vulnerable targets of their choice.

Perhaps the most concerning of the development is a technique adopted by the attackers to bypass network segmentation protections in an unnamed enterprise network by “gaining access to an internal router machine and configuring it as a proxy server, allowing them to exfiltrate stolen data from the intranet network to their remote server.”

The cybersecurity firm said organizations in more than a dozen countries have been affected to date.

At least one of the spear-phishing emails referenced in the report is written in Russian, while another message came with a malicious file attachment named “Boeing_AERO_GS.docx,” possibly implying a U.S. target.

Earlier this month, three North Korean hackers associated with the military intelligence division of North Korea were indicted by the U.S. Justice Department for allegedly taking part in a criminal conspiracy that attempted to extort $1.3 billion in cryptocurrency and cash from banks and other organizations around the world.

“In recent years, the Lazarus group has focused on attacking financial institutions around the world,” the researchers concluded. “However, beginning in early 2020, they focused on aggressively attacking the defense industry.”

“While Lazarus has also previously utilized the ThreatNeedle malware used in this attack when targeting cryptocurrency businesses, it is currently being actively used in cyberespionage attacks.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Defense, firms, hacker news, Hackers, hacking news, how to hack, information security, Korean, Malware, network security, North, ransomware malware, software vulnerability, Targeting, the hacker news, ThreatNeedle

Special Offers

  • Luminox Black OPS Carbon Quartz Men's Watch XL.8802.F (Store-Display Model) for $199

    Luminox Black OPS Carbon Quartz Men's Watch XL.8802.F (Store-Display Model) for $199
  • Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52

    Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52
  • Accordina Ambient LED Collapsible Wireless Phone Charger for $29

    Accordina Ambient LED Collapsible Wireless Phone Charger for $29
  • Swarovski "Bee A Queen" Rhodium-Plated Crystal Necklace & Earring Set (Store-Display Model) for $84

    Swarovski "Bee A Queen" Rhodium-Plated Crystal Necklace & Earring Set (Store-Display Model) for $84
  • Swarovski New Love Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $65

    Swarovski New Love Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $65

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

E-mail Newsletter

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52

Apr 15, 2021 By iHash

Accordina Ambient LED Collapsible Wireless Phone Charger for $29

Apr 14, 2021 By iHash

Tags

* Apple computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS iOS 7 iOS 8 iPad iPhone iPhone 6 Malware microsoft network security OS X Yosemite Privacy ransomware malware risk management security security breaches security vulnerabilities software vulnerability the hacker news update video web applications
Copyright iHash.eu © 2021
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.