A new cyber espionage campaign targeting US, Canadian, and Japanese energy providers has been linked to the North Korean state-sponsored Lazarus hacking group, according to security researchers.
Cisco Talos, a threat intelligence company, announced Thursday that Lazarus, also known as APT38, was observed targeting unidentified energy providers in the United States, Canada, and Japan between February and July of this year.
According to Cisco’s findings, the hackers exploited a year-old Log4j vulnerability known as Log4Shell to compromise internet-exposed VMware Horizon servers in order to gain an initial foothold on a victim’s enterprise network before deploying bespoke malware known as “VSingle” and “YamaBot” to gain long-term persistent access.
Japan’s national cyber emergency response team, known as CERT, recently linked YamaBot to the Lazarus APT. Symantec first disclosed information of this espionage campaign in April of this year, attributing the operation to “Stonefly,” another North Korean hacking group with some overlaps with Lazarus.
However, Cisco Talos discovered a previously unknown remote access trojan (RAT) called “MagicRAT,” which is attributed to the Lazarus Group and is used by hackers for reconnaissance and credential theft.
Talos researchers Jung soo An, Asheer
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: