The Lazarus group, an advanced persistent threat group also known as Guardians of Peace or Whois Team, has added a new weapon to its arsenal that is as dangerous as any digital threat seen to date.
Researchers have once again spotted the Lazarus group in action, this time deploying its own ransomware, called VHD. The connection was established during the analysis of attacks that Lazarus conducted against businesses in Asia and France.
- The infection chain began with the threat actors gaining initial access to the target networks by exploiting vulnerable VPN gateways.
- After escalating privileges on the compromised network, the attackers installed a backdoor that is part of the MATA malware framework.
- MATA had previously been attributed to the North Korea-based Lazarus group on the basis of unique filenames that also appear in versions of the Manuscrypt or Volgmer Trojans.
- VHD itself was linked to the Lazarus group based on the tools used to deploy the ransomware in the two attacks analyzed and on the lateral movement techniques the threat actors employed.
Staying Protected and Safe –
- Keep all systems, software, and applications updated with the latest security patches, paying particular attention to internet-facing VPN gateways, which served as the initial access vector in these attacks.
- Make regular network audits part of the cybersecurity strategy, and remediate the vulnerabilities they uncover on the perimeter and inside the network.
- Arm security teams with the latest threat intelligence, including the tactics, techniques, and procedures (TTPs) used by groups such as Lazarus.
Over the years, the Lazarus group has frequently been financially motivated and has targeted numerous large global organizations. However, it had largely stayed out of ransomware operations since the notorious WannaCry outbreak of 2017. These recent attacks suggest a new trend is emerging, and organizations should take proactive security measures against such threats.
To read more, see the eScan Blog.