
Why the Lazarus group poses a massive threat to businesses

Kaspersky Lab has revealed that heightened cyberheist activity by the notorious Lazarus group is giving rise to more fake supply chain attacks designed to deliver ever stealthier infections.

The cybergang has also been found to have reinforced its financial attack portfolio with malware targeting the macOS platform.

Kaspersky senior researcher Seongsu Park says, “We have observed how the Lazarus group has constantly evolved, from waging cyber espionage campaigns worldwide to financial attacks against major banks. Last year, we warned that they are not after your data anymore.

“And indeed, they aren’t. These state-backed attackers are now ramping up the sophistication of their attacks and widening their reach to steal more money and trick the cybersecurity industry.”

Kaspersky Lab researchers analysed the forensic details of the APT group’s new malicious operations, which at first glance looked like a conventional supply chain attack.

Dubbed AppleJeus, the attack compromised users through a Trojanized trading application, Celas Trade Pro, developed by a legitimate-looking company named Celas Limited.

Being Trojanized means infected by a Trojan, a type of malware often disguised as legitimate software.

Once activated, Trojans enable cybercriminals to spy on users, steal sensitive data, and gain backdoor access to systems.

Researchers found evidence that the heist against South Korean cryptocurrency exchange CoinIS, which lost almost US$2 million, was a malicious operation by the Lazarus group. Kaspersky Lab researchers believe the cybergang targeted the online wallets of users of CoinIS’s HTA (Home Trading Application) program via this supply chain attack.

Since then, the group has stepped up its game with a more sophisticated strategy: faking supply chain attacks to steal cryptocurrency.

Researchers looked into the developer of the Trojanized trading application and found that, while Celas LLC possesses a valid digital certificate for signing its software and legitimate-looking registration records for its domain, the address recorded in the certificate’s information leads to false locations, at least based on the publicly available information retrieved during the investigation.

The high-profile APT group has also developed a reconnaissance module with almost the same capabilities whether deployed against Windows or macOS. This module first evaluates whether a device is worth attacking; only then is the device infected, via a fake software update, with a Trojan known as Fallchill.

This old but reliable Trojan is another known tool associated with Lazarus.

“With major attacks up its sleeves, such as the Bangladesh Bank heist and the WannaCry ransomware, to name a few, the Lazarus group is like a constant presence in the world of cybersecurity and it is getting quite adept at hiding and spreading its evil schemes.

“The extensive effort it exerts to create malware for the supposedly safer macOS environment, and the intricate details needed to create a legitimate-looking application and software company, prove it is far from stopping. There are more attacks to come, and we had better be ready because it won’t get any easier,” warns Park.

To boost the defences of consumer devices and company networks from attacks like AppleJeus, Kaspersky Lab suggests being more prudent when choosing third-party vendors. The global cybersecurity company also calls for more caution when trusting legitimate-looking software applications, certificates, and developers.
