Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 1 April, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Disclosure of Chilean Redbanc Intrusion Leads To Lazarus Ties.

by The Gurus
January 16, 2019
in Opinions & Analysis
Disclosure of Chilean Redbanc Intrusion Leads To Lazarus Ties.
Share on FacebookShare on Twitter

By Vitali Kremez, Director of Research, Flashpoint

Flashpoint analysts believe that the ​recently disclosed intrusion​ suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked advanced persistent threat (APT) group Lazarus. Redbanc confirmed that the malware was installed on the company’s corporate network without triggering antivirus detection, however the threat has since been mitigated and did not impact company operations, services, or infrastructure.

This intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.

Chilean Redbanc Intrusion: Reported Initial Attack Vector
According to recent reporting, the intrusion occurred due to malware delivered via a trusted Redbanc IT professional who clicked to apply to a job opening found through social media. The individual who appeared to have posted the open position then contacted the applicant from Redbanc to arrange a brief interview, which occurred shortly thereafter in Spanish via Skype. Having never expressed any doubts about the legitimacy of the open position, application, or interview process, the applicant was ultimately and unwittingly tricked into executing the payload.

Referenced Sample Leads to North-Korean Lazarus “PowerRatankba”

In the publicly referenced samples attributed to the Redbanc intrusion, Flashpoint analysts identified the dropper sample as being related to the Lazarus malware PowerRatankba. The dropper is a Microsoft Visual C#/ Basic .NET (v4.0.30319)-compiled executable that contains the logic to call the server and download a PowerRatankba PowerShell reconnaissance tool. The malware timestamp displays the possible compilation time of Wednesday, October 31, 2018, 00:07:53 UTC with the program database as F:\05.GenereatePDF\CardOffer\salary\salary\obj\Release\ApplicationPDF.pdb.

The dropper displays a fake job application form while downloading and executing PowerRatankba. The payload was not available from the server during the time of the analysis but was recovered from the sandbox at the time of analysis. This allowed analysts to create a likely scenario of how the malware chain worked.

FacebookTweetLinkedIn
Share3TweetShare
Previous Post

“Most Of The World’s Airports And Leading Destinations Remain Vulnerable To Criminal Or Rogue Mayhem”.

Next Post

Blue Planet Networks Appoints Steve Corfe As Its CEO.

Recent News

Data Privacy Day: Securing your data with a password manager

For Cybersecurity, the Tricks Come More Than Once a Year

March 31, 2023
cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information