SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
CIOs
Kaspersky sheds light on Lazarus group's new campaign
Tue, 31st Oct 2023
Author image
By Shannon Williams, Journalist
Follow us

Kaspersky's Global Research and Analysis Team (GReAT) has disclosed a new campaign by the notorious Lazarus group. This malicious campaign is centred on the exploitation of organisations worldwide through legitimate software.

The GReAT unit discovered several cyber incidents where the targets were lured through genuine software designed for the encryption of web communication using digital certificates. Even after vulnerabilities were reported and patches issued, global companies persisted in using the compromised software version. This gave the notorious Lazarus group an opportunity to gain entry.

The adversary showcased a high degree of intricacy, applying advanced evasion techniques and releasing a SIGNBT malware to manipulate the victim. The threat actor also employed the familiar LPEClient tool—which has been previously witnessed targeting defence contractors, nuclear engineers, and the cryptocurrency sector. This malware serves as the initial access point for infection; it plays a crucial role in profiling the victim and delivering the payload. The role of LPEClient in this campaign aligns with the tactics adopted by the Lazarus group, as seen in previous attacks such as the 3CX supply chain attack.

The team's analysis further highlighted that the Lazarus malware had targeted the initial victim, a software vendor, multiple times in the past. This recurrence suggests a focused and persistent adversary, potentially interested in acquiring pivotal source code or causing disruption to the software supply chain. The threat actors consistently exploited vulnerabilities in the vendor's software, broadening their reach by also targeting other organisations relying on the unpatched version.

Lead Security Researcher at Kasperskys Global Research and Analysis Team, Seongsu Park, spoke of the Lazarus group's unwavering tenacity, noting their operation on a global scale. He said they targeted a wide range of industries through diverse means, indicating an evolving and persisting threat.

To prevent future targeted attacks by known or unknown threat actors, Kaspersky recommends several measures, including constant updates of the operating system, applications, and antivirus software to cover any known vulnerabilities. Persons should be wary of emails, messages, or calls asking for sensitive information, always verifying the sender's identity before sharing personal details or clicking suspicious links.

Kaspersky recommends providing access to the latest threat intelligence (TI) to your SOC team. The Kaspersky Threat Intelligence Portal serves as a single point of access for the company's TI, offering cyberattack data and insights collected over two decades. The cybersecurity team should be up-skilled to tackle current targeted threats. Implementing EDR solutions such as Kaspersky Endpoint Detection and Response is beneficial for endpoint level detection, detailed investigation, and timely remediation of incidents.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds