Latest Report Uncovers Supply Chain Attacks by North Korean Hackers

Supply Chain Attacks by North Korea

Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.

The latest intelligence-gathering operation involved the use of the MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky.


In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank’s network in June 2021. The other attack, on the Latvian company in May, is an “atypical victim” for Lazarus, the researchers said.

It is not clear whether Lazarus tampered with the IT vendor’s software to distribute the implants or whether the group abused its access to the company’s network to breach other customers. The Russian cybersecurity firm is tracking the campaign under the DeathNote cluster.

That is not all. In what appears to be a different cyber-espionage campaign, the adversary has also been observed leveraging the multi-platform MATA malware framework to carry out an array of malicious activities on infected machines. “The actor delivered a Trojanized version of an application known to be used by their victim of choice, representing a known characteristic of Lazarus,” the researchers noted.

According to earlier findings by Kaspersky, the MATA campaign is capable of striking Windows, Linux, and macOS operating systems, with the attack infrastructure enabling the adversary to carry out a multi-staged infection chain that culminates in the loading of additional plugins. These plugins allow access to a wealth of information, including files stored on the machine, the extraction of sensitive database information, and the injection of arbitrary DLLs.

Beyond Lazarus, a Chinese-speaking APT threat actor, suspected to be HoneyMyte, was found adopting the same tactic, wherein a fingerprint scanner software installer package was modified to install the PlugX backdoor on a distribution server belonging to a government agency in an unnamed country in South Asia. Kaspersky referred to the supply-chain incident as “SmudgeX.”

The development comes as cyber attacks aimed at the IT supply chain have emerged as a top concern in the wake of the 2020 SolarWinds intrusion, highlighting the need to adopt strict account security practices and take preventive measures to protect enterprise environments.
