SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Malware
Korean-speaking threat groups strike close to home
Tue, 5th Nov 2019
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Korean-speaking cyber threat groups seem to be ‘waging war' on the Korean peninsula and across Southeast Asia, according to a new report from cybersecurity firm Kaspersky.

Kaspersky's APT Trends Report Q3 2019  indicates that there are plenty of threats targeting the region.

One of those threats includes an Android malware disguised as a mobile messenger or cryptocurrency apps. The Korea Computer Emergency Response Team (CERT) and Kaspersky investigated the malware and linked it to a Windows malware strain called KONNI.

“KONNI is a Windows malware strain that has been used in the past to target a human rights organisation and personalities with an interest in Korean Peninsula affairs,” Kaspersky explains.

“It is also known for targeting cryptocurrencies by implementing full-featured functionalities to control an infected Android device and steal personal cryptocurrency using these features.

One of the most notorious APT threat groups, Lazarus, and its financial arm BlueNoroff, is being watched by Kaspersky. According to the company, researchers have been able to access information about how the threat group moves laterally to access high-value hosts and banks.

Kaspersky says that BlueNoroff uses a sophisticated malicious software that can run as a passive or active backdoor, or even a tunnelling tool, depending on the command line parameters. BlueNoroff is also evading detection by constantly changing its Powershell script.

"Targeted attacks against financial institutions combine sophisticated techniques - that were previously seen only in APT attacks - with typical criminal infrastructures used to launder the stolen goods,” comments Kaspersky global research - analysis team director Costin Raiu.

“In Q3, we've seen advanced threat actors such as Andariel and Lazarus' BlueNoroff arm attempting to breach not only banks, but investment companies and cryptocurrency exchanges, among others. We advise all companies in APAC to be vigilant and take precautions to guard against such attacks.

Another Lazarus group called Andariel APT Group has also attempted to build a new command and control infrastructure that exploits Weblogic servers through vulnerability CVE-2017-10271.

According to Kaspersky, the group was successful in similar trials. In one case, it used a legitimate signature from a South Korean security software vendor to implant malware. The case was quickly dealt with through the quick actions of the South Korean CERT.

The Q3 APT Trendsreport summarises the findings of Kaspersky Lab's subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware hunting.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
ExtraHop report shows Singapore firms vulnerable to ransomware attacks
Jason Haddix joins Flare as Field Chief Information Security Officer
Ransomware threats escalating in Southeast Asia – report
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds