• North Korean Lazarus hackers are targeting nuclear workers

    From TechnologyDaily@1337:1/100 to All on Monday, December 23, 2024 12:00:06
    North Korean Lazarus hackers are targeting nuclear workers

    Date:
    Mon, 23 Dec 2024 11:43:44 +0000

    Description:
    Nuclear workers were also targeted with brand new malware.

    FULL STORY
    ======================================================================
    Kaspersky recently discovered new additions to the Lazarus DreamJob campaign
    The criminals targeted two people working in the same nuclear-related firm
    In the attack, they used updated malware to try and gain access

    The infamous Lazarus Group, a threat actor linked to the North Korean government, was recently observed targeting IT professionals within the same nuclear-related organization with new malware strains.

    These attacks seem to be a continuation of a campaign first kicked off in 2020, called Operation DreamJob (AKA Deathnote), where the attackers would create fake jobs and offer these dreamy positions to people working in defense, aerospace, cryptocurrency, and other global sectors around the world.

    They would reach out via social media such as LinkedIn or X, and run multiple rounds of interviews. At any point during these interviews, the victims would receive either a piece of malware or trojanized remote access tools.

    CookieTime and CookiePlus

    The end goal of this campaign is to steal either sensitive information or cryptocurrency. Lazarus has, among other things, managed to steal roughly $600 million from a crypto company back in 2022.

    As Kaspersky explained in its latest writeup, in this case, Lazarus targeted two individuals with malicious remote access tools. They then used the tools to drop a piece of malware called CookieTime, which acted as a backdoor, allowing the attackers to run different commands on the compromised endpoint.

    This gave them the ability to move laterally across the network and download several additional malware strains, such as LPEClient, Charamel Loader, ServiceChanger, and an updated version of CookiePlus.

    Kaspersky says CookiePlus is particularly interesting, since it is a new plugin-based malicious program, discovered during the most recent investigation. It was loaded by both ServiceChanger and Charamel Loader, with variants being executed differently, depending on the loader. Since
    CookiePlus acts as a downloader, its functionality is limited, and it transmits minimal information.

    The attacks took place in January 2024, meaning Lazarus remains a major
    threat coming out of North Korea.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-lazarus-hackers-are-targeting-nuclear-workers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)