Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 25 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Energy Providers Targeted by Lazarus Group

Earlier this year, energy providers across the world were targeted by North Korean threat actor group, Lazarus Group.

by Guru Writer
September 12, 2022
in Cyber Bites
North Korea flags
Share on FacebookShare on Twitter

Larazrus Group, the North Korean threat actor group, targeted a malicious campaign towards energy providers around the world between February and July 2022.

In April and May, the campaign was partially disclosed by Symantec and AhnLab, respectively. Cisco Talos is providing more details now.

In an advisory written on Thursday, Cisco Talos said that the Lazarus campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain initial access to targeted organisation.

The advisory stated: “The initial vector was the exploitation of the Log4j vulnerability on exposed VMware Horizon servers. Successful post–exploitation led to the download of their toolkit from web servers.”

“In most instances, the attackers instrumented the reverse shell to create their own user accounts on the endpoints they had initial access to.”

The security researchers said that they discovered the use of two unknown malware families, YamaBot and VSingle, alongside the deployment of a recently disclosed implant they called ‘MagicRAT.’

“Once the backdoors and implants were persisted and activated on the endpoint, the reverse shell used to perform cleanup[…], this included deleting all files in the infection folder along with the termination of the PowerShell tasks.”.

“The attacker–created accounts were removed and finally, the Windows Event logs […] would be purged.”

Organisations targeted, according to Cisco Talos, were from countries including Canada, Japan and the US.

Additionally, the write up reads: “The campaign is meant to infiltrate organizations around the world for establishing long–term access and subsequently exfiltrating data of interest to the adversary’s nation–state.”

This advisory is the latest in a long list describing the Lazarus Group’s activity over summer.

In June, it was reported that the threat actor may be behind the $100m theft from cryptocurrency firm Harmony.

 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Why Should Tech Businesses Prioritise Occupational Health?    

Next Post

Policy Monitor to launch CSPM, an Information Security Management System, at the International Cyber Expo

Recent News

Synopsys discover new vulnerability in Pluck Content Management System

Synopsys discover new vulnerability in Pluck Content Management System

March 24, 2023
Dole Food Company

Dole confirms employee data was breached following February ransomware attack

March 24, 2023
call centre

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

March 23, 2023
Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information