Story image

Why the Lazarus group poses a massive threat to businesses

Kaspersky Lab revealed that heightened cyberheist activity by the notorious Lazarus group will give rise to more fake supply chain attacks to deliver ever stealthier infections.

The cybergang has also been discovered to have reinforced its financial attack portfolio with malware targeting the MacOS platform.

Kaspersky senior researcher Seongsu Park says, “We have observed how the Lazarus group has constantly evolved--- from waging cyber espionage campaigns worldwide to financial attacks against major banks. Last year, we warned that they are not after your data anymore.

“And indeed, they aren’t. These state-backed attackers are now ramping up the sophistication of their attacks and widening their reach to steal more money and trick the cybersecurity industry.”

Kaspersky Lab researchers have analyzed the forensic details of the new malicious operations of the APT group, which at first glance looked like a supply chain attack.

Dubbed AppleJeus, the attack compromised users through the Trojanized trading application, Celas Trade Pro, developed by a legitimate company named Celas Limited.

Being Trojanized means infected by a Trojan, a type of malware often disguised as legitimate software.

Once activated, Trojans enable cybercriminals to spy on users, steal sensitive data, and gain backdoor access to systems.

Researchers found evidence that the heist against South Korea’s Cryptocurrency Exchange CoinIS, which lost almost US$2 million, was a malicious operation by the Lazarus group. Kaspersky Lab’s researcher believes that this cybergang targeted the online wallet of CoinIS's HTA (Home Trading Application) program user via this supply chain attack.

After this, these infamous hackers had to step up their game by using a more sophisticated strategy—faking supply chain attacks to steal cryptocurrency.

Researchers looked into the developer of the Trojanized trading application and found out that while the Celas LLC company possesses valid SSL certificate for signing its software and legitimate-looking registration records for the domain, the address registered in the certificate’s information leads to false locations, at least based on the publicly available information retrieved during the investigation.

The high-profile APT group has also developed a reconnaissance-module malware with almost the same capabilities when deployed into Windows software or a MacOS. This type of malware evaluates first if a device is worth attacking, before infecting it with a Trojan known as Fallchill in the form of a software update.

This old but reliable Trojan is another known tool associated with Lazarus.

“With major attacks up its sleeves --- such as the Bangladesh Bank heist and the WannaCry ransomware, to name a few, the Lazarus group is like a constant presence in the world of cybersecurity and it is getting quite adept at hiding and spreading its evil schemes.

“The extensive effort it exerts to create malware for the supposedly safer MacOS environment, and the intricate details needed to create a legitimate-looking application and software company, prove it is far from stopping. There are more attacks to come, and we had better be ready because it won’t get any easier,” warns Park.

To boost the defences of consumer devices and company networks from attacks like AppleJeus, Kaspersky Lab suggests being more prudent when choosing third-party vendors. The global cybersecurity company also calls for more caution when trusting legitimate-looking software applications, certificates, and developers.

Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.