Cyber Security

A Cascade of Compromise: Kaspersky Exposes Lazarus’ New Campaign Exploiting Legitimate Software

(source: Kaspersky)

A new campaign by the infamous Lazarus group targeting organizations worldwide has been uncovered by Kaspersky’s Research and Analysis Team (GReAT). The research presented at Security Analyst Summit (SAS) revealed a sophisticated APT campaign distributed via malware and spread through legitimate software.

The team identified a series of cyber incidents that involved targets being infected through legitimate software designed to encrypt web communication using digital certificates. Despite vulnerabilities being reported and patched, organizations worldwide still used the flawed version of the software, providing an entry point for the infamous Lazarus group.

The adversary exhibited a high level of sophistication, employing advanced evasion techniques and deploying the “SIGNBT” malware to control the victim. They also applied the already well-known LPEClient tool, previously seen targeting defense contractors, nuclear engineers and the cryptocurrency sector. This malware acts as the initial point of infection and plays a crucial role in profiling the victim and delivering the payload. Kaspersky researchers’ observations indicate that LPEClient’s role in this and other attacks aligns with the tactics employed by the Lazarus group, as also seen in the notorious 3CX supply chain attack.

Further investigation revealed that the Lazarus malware had already targeted the initial victim, a software vendor, several times before. This pattern of recurring attacks indicates a determined and focused adversary, likely with an intention to steal critical source code or disrupt the software supply chain. The threat actor consistently exploited vulnerabilities in the company’s software and broadened their scope by targeting other companies that used the unpatched version of the software. Kaspersky’s Endpoint Security solution identified the threat proactively and prevented further attacks against other targets.

“The Lazarus group’s continued activity is a testament to their advanced capabilities and unwavering motivation. They operate on a global scale, targeting a wide range of industries with a diverse toolkit of methods. This signifies an ongoing and evolving threat that demands heightened vigilance,” said Seongsu Park, Lead Security Researcher at Kaspersky’s Global Research and Analysis Team.

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Regularly update your operating system, applications, and antivirus software to patch any known vulnerabilities.

  • Be cautious of emails, messages, or calls asking for sensitive information. Verify the sender’s identity before sharing any personal details or clicking on suspicious links.

  • Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years.

  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.

  • For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.

To learn more details about the campaign, visit Securelist.com.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.


