Cyber4Sight has analyzed the malware distributed via the compromised Polish Financial Supervision Authority webpage and used in targeted attacks against a number of large banks and telecommunication companies. Cyber4Sight has identified a potential link to Russian developers, although this could easily be a false flag, and has created detection logic in the form of YARA rules covering known samples and potentially new but related samples of the malware. Finally, although some researchers have claimed a connection between the malware used in this campaign and code used in attacks by the Lazarus Group, Cyber4Sight assesses that several alternative explanations could account for the overlap, and that at this point the campaign cannot be attributed with any confidence to either the Lazarus Group or to Russian developers.
Original source: Cyber4sight