Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and is also referred to as “Operation DreamJob”.
Kaspersky researchers have previously published the history of this campaign. Recently, they observed a similar attack in which the Lazarus group delivered archive files containing malicious files to at least two employees associated with the same nuclear-related organization over the course of one month. After looking into the attack, Kaspersky researchers were able to uncover a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.
Read more…
Source: Kaspersky
Related:
- Hackers Found Using A New Code Injection Technique to Evade Detection
April 13, 2018
While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a “simple yet powerful” technique that allows attackers to inject malicious code into a legitimate ...
- AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
March 20, 2018
MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...
- Phishing still number one method for cyber-attacks
March 16, 2018
Microsoft has just released its annual cybersecurity report and it says that phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches. To create the report, Microsoft scanned more than 400 billion emails, 450 billion authentications and 1.2 billion devices. More than half (53 per cent) of all email threats are phishing ...
- Ransomware: Get ready for the next wave of destructive cyberattacks
February 26, 2018
It might look to be out of the limelight compared to 2017, but it would be foolish to write ransomware off yet, as more attacks using the file-encrypting malware are ahead. High profile incidents like WannaCry, NotPetya and Bad Rabbit made ransomeware infamous last year. WannaCry and NotPetya have since both been attributed to be the work of nation-states – the former to North ...
- Hackers are selling legitimate code-signing certificates to evade malware detection
February 22, 2018
Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. New research by Recorded Future’s Insikt Group found that hackers and malicious actors are obtaining legitimate certificates from issuing authorities in order to sign malicious code. Read more… Source: ZDNet
- Bot and drone misuse could lead to cybercrime explosion
February 21, 2018
The rapid development of drones and artificial intelligence is a “game-changer” that will present a serious threat to national security if it isn’t addressed. The assessment, made by 26 experts from institutions including Cambridge and Oxford Universities, warns of the potential for malicious use of artificial intelligence (AI) by rogue states, criminals, and terrorists. The panel forecast ...