![]() ![]() Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. Hyundai data breach exposes owner details in France and Italy The Lazarus Group has also been linked to a successful breach of another defense contractor in Africa last July in which a “suspicious PDF application” was sent over Skype to ultimately drop a variant of a backdoor dubbed ThreatNeedle and another implant known as ForestTiger to exfiltrate data. Around the same time, the same backdoor is said to have been utilised to breach a defense contractor in Latin America using DLL side-loading techniques upon opening a specially-crafted PDF file using a trojanised PDF reader. The adversarial crew has since been blamed for the supply chain attack aimed at enterprise VoIP service provider 3CX that came to light last month.Īnother attack was discovered in March 2022 that targeted several victims in South Korea by exploiting the same security software to deliver downloader malware capable of delivering a backdoor as well as an information stealer for harvesting keystroke and clipboard data. The targets of these attacks included an IT asset monitoring solution vendor based in Latvia and a think tank located in South Korea, the latter of which entailed the abuse of legitimate security software that’s widely used in the country to execute the payloads. The Lazarus Group’s use of rogue PDF reader apps was previously revealed by Microsoft. In an alternative attack chain, the threat actor employed a trojanised version of a legitimate PDF reader application called SumatraPDF Reader to initiate its malicious routine. The targeting of the automotive and academic verticals is tied to Lazarus Group’s broader attacks against the defense industry, leading to the deployment of BLINDINGCAN (aka AIRDRY or ZetaNile) and COPPERHEDGE implants. The phishing attacks directed against crypto businesses typically entail using bitcoin mining-themed lures in email messages to entice potential targets into opening macro-laced documents in order to drop the Manuscrypt (aka NukeSped) backdoor on the compromised machine. A subset of the activity has also been tied to a group known as UNC2970. It’s worth noting that the DeathNote cluster is also tracked under the monikers Operation Dream Job or NukeSped. The deviation in targeting, along with the use of updated infection vectors, is said to have occurred in April 2020. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world, in what’s perceived as a significant pivot. The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
0 Comments
Leave a Reply. |