Alert for Software Developers: North Korea’s Lazarus Group Targets Them with Malicious Emails

A recent study by ReversingLabs has revealed that North Korea’s Lazarus Group is actively targeting software developers through a sophisticated email campaign. This campaign, part of the larger VMConnect initiative, uses deceptive job interview invitations to deliver malware, backdoors, data stealers, and data-wiping threats. The attackers have been using the Capital One company logo in LinkedIn messages to increase their credibility and success rate.

Shannon Sharpe’s Instagram Account Hacked

Shannon Sharpe, the Hall of Fame NFL player with a storied 14-season career, has fallen victim to a cyber attack resulting in the hack of his Instagram account. Sharpe, who has over 3 million followers, issued a statement explaining that explicit content shared from his account was the work of cybercriminals. He urged his followers to disregard the inappropriate video and thanked them for their patience during the ordeal.

Teenager Arrested for Hack of Transport for London

In early September, Transport for London (TfL) experienced a cyber attack that led the National Crime Agency (NCA) to investigate and arrest a 17-year-old from Walsall under the Computer Misuse Act. The hack caused temporary suspensions of some TfL travel app services and website sections. The teenager, currently out on bail, will face further legal proceedings in the coming weeks.

Fortinet Faces Unauthorized Network Access

Fortinet has reported unauthorized access to its corporate network by a third party, suspected to be a ransomware attack. The breach affected servers of its software partners, impacting a portion of its Asia Pacific clientele. The company is still gathering details and will provide further updates once the situation is fully assessed.

Iranian OilRig Group Targets Iraqi Government Websites

Iranian threat actor group OilRig has recently been identified targeting Iraqi government websites with malware. According to cybersecurity firm Check Point, the compromised sites included those of the Ministry of Foreign Affairs and the Prime Minister’s office. OilRig, also known by aliases such as GreenBug, Hazel Sandstorm, Crambus, APT34, and Cobalt Gypsy, continues to be a significant cyber threat.

Australia Steps Up to Defend Pacific Islands Forum from Chinese Hackers

In response to a cyber attack on the Pacific Islands Forum Secretariat in February, the Australian government has dispatched technical teams to Fiji. With local cybersecurity expertise insufficient to counter the sophisticated, state-sponsored attacks from China, Australia’s intervention aims to bolster the region’s defenses and mitigate ongoing cyber threats.

The post Trending Cybersecurity news headlines on Google for today appeared first on Cybersecurity Insiders.

1.) The Federal Bureau of Investigation (FBI) has issued a nationwide alert regarding a hacking group known as “Phantom Hackers,” which is specifically targeting senior citizens. According to the FBI’s statement, these criminals impersonate bank representatives, convincing their victims to disclose sensitive information. This stolen information is subsequently exploited to drain bank accounts, deplete savings, and access retirement benefits stored in bank accounts. In some instances, the hackers gain the trust of their victims by falsely promising lottery winnings or fiat currency acquired through cryptocurrency trading.

2.) Security researchers at Zscaler recently uncovered a new malware variant called ‘BunnyLoader.’ This malware, associated with a burgeoning malware-as-a-service industry, is able to steal and replace data stored in the clipboard. Moreover, BunnyLoader can steal cryptocurrency from the targeted device and transmit logged keystrokes to command-and-control servers dispersed globally.

3.) A survey conducted by email security provider Egress highlights the growing challenge of identifying AI-generated phishing emails. The Phishing Threat Trends report suggests that most software and AI chatbots struggle to detect phishing emails crafted using artificial intelligence. Jack Chapman, Vice President of Threat Intelligence at Egress, believes that additional time may be required to develop defenses capable of recognizing such technologically sophisticated phishing attempts.

4.) Indian logistics suffered a significant breach when the National Logistics Portal Marine exposed sensitive data through misconfigured Amazon S3 buckets. Security researcher Bob Diachenko discovered that these storage resources contained a wealth of sensitive information, including crew members’ dates of birth, genders, passport numbers, expiration dates, nationalities, full names, travel expenses, and logistic details pertaining to ships, such as parcel invoices and shipping addresses. The Indian Transport Ministry, which launched the website in January, has acknowledged the issue and declared that it has since rectified the configuration.

5.) A report from ESET reveals that the Lazarus hacking group, linked to North Korea, has initiated espionage campaigns targeting aerospace company networks using social engineering tactics. Typically, the hackers contact high-level executives on platforms like LinkedIn and send them links that ultimately lead to the download of espionage-related payloads. Recently, Lazarus posed as a recruiter from Meta to successfully target an employee at a Spanish aerospace firm. Although the hackers managed to infiltrate the network to a certain extent, the company’s IT team thwarted their efforts, thanks to a timely tip-off from a forensic expert.

6.) Minnesota-based Metro Transit, a public transportation service provider, reported a cyberattack on October 2, 2023, prompting the freezing of its IT infrastructure. The company clarified that the cyber incident was unrelated to a Metro Transit bus accident involving a pickup truck, emphasizing that the accident occurred without any digital interference.

7.) Estes Express, a freight transit manager based in Virginia, found itself in the news due to a digital disruption. The company assured that it would provide more details regarding the incident once its IT team has thoroughly investigated the issue. However, a source from Estes Express’s Richmond headquarters hinted at the sophistication of the attack, suggesting it might be a variant of a Distributed Denial of Service (DDoS) attack.

8.) Predator Spyware, developed by Egyptian company Cytrox, has come under scrutiny for its alleged use in monitoring the mobile activities of Egyptian MP Ahmed Eltantawy, who is running for the 2024 Presidential elections. This situation appears to be a significant development, potentially surpassing the controversy surrounding the Pegasus Spyware, which targeted Amazon CEO Jeff Bezos and exposed his involvement with his current girlfriend, Lauren Sanchez. Further details are expected to emerge following a comprehensive investigation.

The post Cybersecurity related news headlines trending on Google appeared first on Cybersecurity Insiders.

North Korea’s Lazarus Group has reportedly designed new ransomware targeting Macs running Apple M1 and Intel processors. Security researchers from ESET discovered that the malware was uploaded to VirusTotal from Brazil and is delivered through a social engineering attack.

ESET claims the Lazarus campaign specifically targeted Macs because most journalists, high-profile dignitaries, and politicians use them to stay connected to the world.

Currently, the evidence gathered indicates that the attack is being propagated through false job offers and business deals, and that most of the samples carry code-signing certificates.

Second is the news related to the ransomware named HavanaCrypt, which researchers from Cybereason claim is targeting victims by posing as fake Google software updates. Studies have revealed that the newly developed file-encrypting malware uses an open-source password management library for encryption, and that it can remain hidden, exfiltrate data, and hand control to remote servers.

The third is something astonishing to read! Acronis, a firm that offers cybersecurity protection for IT infrastructure, has published a study concluding that ransomware attacks will cause $30 billion in damage to governments across the world by 2023, and that the estimate might double by the year 2026.

Interestingly, from the year 2012 to 2021, the loss is estimated to be $60 billion in cryptocurrency, and the past 16 months alone account for a combined loss of $44 billion… which might well be true!

Fourth is a news piece concerning the digital transformation firm Orion Innovation, which has been hit by the LockBit ransomware group. The company says the gang that spreads the file-encrypting malware struck its servers on Tuesday and is demanding a ransom in the millions, to be paid by the first week of September.

The gang also stated in its ransom note that there is no chance of negotiating the demanded sum and that, if the demand is ignored, the stolen data will be released on the dark web.

Fifth is news about a new ransomware variant named BianLian, which cybercriminals are swarming to buy and deploy on their targets. BianLian is written in the open-source programming language created by Google (Go) and was discovered in the wild by a security firm named Cyble Research Labs.

The researchers say the ransomware operators have been active for about two months and have so far targeted about 14 firms, mainly in manufacturing, education, and media and entertainment.

Because BianLian splits the encrypted content into 10-byte chunks, it easily evades detection by antivirus products.

Sixth is the news related to a billing company that provides services to the healthcare sector. A ransomware attack on the servers of Practice and Resources has reportedly led to the compromise of data belonging to over 942,138 patients. The New York-based vendor has notified all the affected patients about the data breach and the steps they should follow to protect their identities from future threats. The now-defunct Conti ransomware gang is suspected to be behind the attack, though this has yet to be officially confirmed.


The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

The Lazarus Group, which is funded by North Korea’s military intelligence, is reportedly using a signed executable that mimics a Coinbase website in order to attract employees and customers. The aim behind this social engineering attack is simple: first, to trap employees with fake job offers, and second, to lure customers into signing up on the page and then steal their currency.

According to information available to Cybersecurity Insiders, the Lazarus Group has been engaging in such tactics for the past few weeks and has so far trapped around 60 customers and 13 employees.

Until now, they were busy launching phishing emails against corporate networks, but they have now spread malware disguised as a PDF file to employees in senior positions at Coinbase.

We already know that North Korean leader Kim Jong Un is funding his nuclear ambitions by stealing currency from banks, stealing cryptocurrency from individual accounts, and raiding crypto exchanges.

The latest activity seems to be part of the treacherous act of duping Coinbase customers and employees.

Surprisingly, this is the first time Lazarus has been seen distributing malware to devices running macOS, and doing so by impersonating a cryptocurrency exchange.

NOTE– Lazarus is also known in the world of cybercrime as Guardians of Peace and is run and funded by the government of North Korea. The United States Intelligence Community refers to the group as Hidden Cobra, and Microsoft tracks it as ZINC. All the hackers in this group are trained and educated at Kim Chaek University of Technology and also take courses at Kim Il-Sung University and Moranbong University. Only after completing 6 years of education are they inducted into the group as official hackers.


The post North Korea hackers impersonating Coinbase to lure employees and customers appeared first on Cybersecurity Insiders.

deBridge Finance, which operates a cross-chain protocol, has confirmed that the North Korea-funded ‘Lazarus’ Group of hackers was behind the infiltration of its servers earlier this year. The confirmation followed a detailed investigation carried out by the company’s IT staff in coordination with a forensic provider.

Going into the details, the notorious hacking group launched a phishing email attack against a few deBridge Finance employees in the middle of this year. The email carried a malicious link and used the subject line “New Salary Adjustments”.

An employee or two apparently clicked on the email without realising what it was. Fortunately, the threat monitoring system caught the suspicious activity in time and blocked the entire event, which was later investigated to learn more about the attack vector and its consequences.

Alex Smirnov, the Co-Founder of deBridge Finance, issued a statement that the company thwarted the phishing incident in time, and that the campaign was launched against Web3-focused platforms.

Web3-focused platforms are those which give new meaning to the World Wide Web by incorporating decentralization, blockchain technologies, and token-based economics.

NOTE- For the past two to three years, North Korea, under the regime of Kim Jong Un, has been launching financially motivated cyber attacks to fund the regime’s nuclear ambitions. Its prime targets so far have been cryptocurrency exchanges, NFT marketplaces, banks, investors, and other types of funding organizations.


The post deBridge Finance confirms Lazarus hacking group behind Cyber Attack appeared first on Cybersecurity Insiders.