Hacking group Lazarus targets South Korean supply chains

Update: 2020-11-16 21:45 IST

Seoul: Hackers associated with the infamous Lazarus group, which is suspected of being tied to North Korea, are now targeting South Korean supply chains, cybersecurity researchers from ESET warned on Monday.

The attackers abused legitimate South Korean security software and digital certificates stolen from two different companies to deploy their malware, the researchers said.

The Lazarus Group's activities were widely reported after it was blamed for the 2014 cyber attack on Sony Pictures Entertainment and the 2017 WannaCry ransomware attack on countries including the US and Britain.

Malware researchers Anton Cherepanov and Peter Kalnai wrote that the hackers are particularly interested in supply chain attacks, because they allow them to covertly deploy malware on many computers at the same time.

"We can safely predict that the number of supply-chain attacks will increase in the future, especially against companies whose services are popular in specific regions or in specific industry verticals," the researchers wrote in a post detailing how ESET researchers discovered attempts to deploy Lazarus malware via a supply chain attack in South Korea.

The researchers explained that Internet users in South Korea are often asked to install additional security software when visiting government or Internet banking websites.

WIZVERA VeraPort is a South Korean application that helps manage such additional security software.

After installing this application on their devices, users receive and install all the necessary software required by a specific website through VeraPort.

The attackers abused this mechanism in order to deliver Lazarus malware from a legitimate but compromised website, according to the ESET researchers.
