Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware

mood · Nov 16, 2020

Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware
ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software
November 16, 2020
https://www.tripwire.com/state-of-s...ck-to-target-south-korean-users-with-malware/

The Lazarus group leveraged a supply chain attack to target users located in South Korea with custom malware.

On November 16, ESET disclosed that the Lazarus group conducted its supply chain attack by abusing WIZVERA VeraPort. This application helps users in South Korea manage the installation of additional computer security software when they visit a government portal or banking website that requires it.
Users sometimes can’t access a site’s resources unless they have WIZVERA VeraPort installed on their devices.
Click to expand...

Acknowledging that reality, the Lazarus group crafted its attack to prey upon machines that had WIZVERA VeraPort installed.

They specifically used stolen code-signing certificates, including one lifted from a U.S. branch of a South Korean security company, to push out malware in the VeraPort software bundle served by a legitimate but compromised website.

The attackers camouflaged the Lazarus malware samples as legitimate software. These samples have similar filenames, icons and VERSIONINFO resources as legitimate South Korean software often delivered via WIZVERA VeraPort. Binaries that are downloaded and executed via the WIZVERA VeraPort mechanism are stored in %Temp%\[12_RANDOM_DIGITS]\.
Click to expand...

ESET: Lazarus supply‑chain attack in South Korea

ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies.
Click to expand...

Log in or Sign up

Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware

mood Updates Team

Log in or Sign up

Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware

mood Updates Team

Useful Searches