News by Xiaomi Miui Hellas

New organized digital attacks on organizations by the Lazarus group via legitimate software


Kaspersky's Global Research and Analysis Group (GReAT) revealed a new series of attacks by the infamous Lazarus group, which targeted organizations around the world.


The research, presented at the Security Analyst Summit (SAS), revealed yet another set of APT-type threats: a series of malware that spreads through legitimate software.

The GReAT team identified a number of digital attacks that succeeded in infecting targets through legitimate software. The software in question is designed to encrypt online conversations using digital certificates. Although the vulnerabilities had already been identified and patched, the majority of businesses worldwide were still using the older version of the software, giving Lazarus easy access.

The Lazarus group's techniques showed a high level of sophistication and used advanced means of evasion; the group created the “SIGNBT” malware to control the victim. They also used the already known tool LPEClient, which in the past has targeted weapons systems, nuclear scientists and even the cryptocurrency sector. This malware plays a very important role: it acts as the first point of infection and also profiles the victim during the attack.

Kaspersky researchers therefore concluded that the role of LPEClient in this and other attacks aligns with the tactics used by the Lazarus group, as was also observed in the infamous 3CX supply chain attack.

Further investigation revealed that the Lazarus malware had already targeted the original victim, a software vendor, several times before. This pattern of repeated attacks indicates a malicious but determined threat actor, likely intent on intercepting code sequences or disrupting the supply chain. The threat actor was exploiting all the weaknesses in the operating systems of the enterprises. At the same time, it focused on businesses that were using older versions of the software, widening the scope of the threat. Kaspersky's Endpoint Security solution detected the threat in advance, preventing further attacks on other targets.

“The continued activity of the Lazarus team is a testament to its advanced capabilities and unwavering motivation. They operate on a global scale, targeting a wide range of activities with a variety of methods. This signals an ongoing and evolving threat that requires increased vigilance,” said Seongsu Park, chief security researcher at Kaspersky's Global Research and Analysis Group.

To avoid becoming a victim of a targeted attack, Kaspersky researchers recommend implementing the following measures:

  • Regularly update your operating system, applications and anti-virus software to patch any known system vulnerabilities.
  • Be careful with emails, messages or calls requesting sensitive information. Verify the identity of the sender before sharing any personal information or clicking on suspicious links.
  • Give your team access to new threat intelligence (TI) data. The Kaspersky Threat Intelligence Portal is an ideal tool for any business, providing all the know-how and data that Kaspersky has collected over the past two decades.
  • Train your company's IT team with Kaspersky online training developed by GReAT experts.
  • To detect, investigate and remediate incidents at the endpoint level, implement EDR solutions such as Kaspersky Endpoint Detection and Response.

Press Release

