Cybersecurity and Infrastructure Security Agency (CISA) sent out an alert about BlindingCan in August 2020, warning that Hidden Cobra – another name for Lazarus that’s used by the U.S. Researchers have also seen Lazarus building supply-chain attack capabilities with an updated DeathNote (aka Operation Dream Job) malware cluster that consists of a slightly updated variant of the North Korean remote-access trojan (RAT) known as BlindingCan. This is hardly the first time that Lazarus has attacked the defense industry, Kaspersky noted, pointing to the similar, mid-2020 ThreatNeedle campaign. “The actor delivered a Trojanized version of an application known to be used by their victim of choice – a well-known Lazarus characteristic,” they wrote in Kaspersky’s latest quarterly threat intelligence report, released on Tuesday. MATA has historically been used to steal customer databases and to spread ransomware in various industries, but in June, Kaspersky researchers tracked Lazarus using MATA for cyber-espionage. The MATA malware framework can target three operating systems: Windows, Linux and macOS. Lazarus – a North Korean advanced persistent threat (APT) group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework.
0 kommentar(er)
