IT threat evolution Q3 2018

[harlan4096]

Targeted attacks and malware campaigns

Lazarus targets cryptocurrency exchange

Lazarus is a well-established threat actor that has conducted cyber-espionage and cybersabotage campaigns since at least 2009. In recent years, the group has launched campaigns against financial organizations around the globe. In August we reported that the group had successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies. While assisting with an incident response operation, we learned that the victim had been infected with the help of a Trojanized cryptocurrency trading application that had been recommended to the company over email.

An unsuspecting employee had downloaded a third-party application from a legitimate looking website, infecting their computer with malware known as Fallchill, an old tool that Lazarus has recently started using again.

It seems as though Lazarus has found an elaborate way to create a legitimate looking site and inject a malicious payload into a ‘legitimate looking’ software update mechanism – in this case, creating a fake supply chain rather than compromising a real one. At any rate, the success of the Lazarus group in compromising supply chains suggests that it will continue to exploit this method of attack.

The attackers went the extra mile and developed malware for non-Windows platforms – they included a Mac OS version and the website suggests that a Linux version is coming soon. This is probably the first time that we’ve seen this APT group using malware for Mac OS. It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.

Full reading: https://securelist.com/it-threat-evoluti...018/88635/