
Zero-day flaw leveraged in Lazarus attack

The North Korean state-sponsored hacking operation Lazarus Group leveraged a zero-day vulnerability in a widely used certificate software package to compromise a South Korean financial entity in October, according to The Hacker News. The same financial firm had already been compromised by Lazarus in May through the same vulnerable version of the certificate software, a report from the AhnLab Security Emergency Response Center (ASEC) showed. The attack relied on the Bring Your Own Vulnerable Driver (BYOVD) technique, which Lazarus has used in its recent intrusions to disable security products. Aside from modifying file names to conceal malicious activity, Lazarus also employed timestomping, the alteration of file timestamps, before eventually deploying various backdoor payloads. "The Lazarus Group is researching the vulnerabilities of various other software and are constantly changing their TTPs by altering the way they disable security products and carry out anti-forensic techniques to interfere or delay detection and analysis in order to infiltrate Korean institutions and companies," said ASEC.
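Timestomping is mentioned above as one of the anti-forensic steps used to delay analysis. The following is an added example, not code from the article or from ASEC, showing how a responder can triage file metadata for common timestomping indicators: $STANDARD_INFORMATION timestamps with whole-second (zero sub-second) values, a $STANDARD_INFORMATION creation time earlier than the $FILE_NAME creation time, and a modification time earlier than the creation time. The `FileRecord` structure, the sample records and the paths in them are constructed for illustration; the heuristics themselves are standard NTFS triage rules and produce leads, not proof.

```python
"""Heuristic timestomping triage over NTFS-style timestamp records.

Added example (not from the article). The records below are constructed; a
real run would populate them from an MFT parser or a forensic timeline.
All timestamps are naive UTC for simplicity.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass
class FileRecord:
    path: str
    si_created: datetime    # $STANDARD_INFORMATION creation time (user-mode writable)
    si_modified: datetime   # $STANDARD_INFORMATION last-write time
    fn_created: datetime    # $FILE_NAME creation time (set by the kernel on create/rename/move)
    fn_modified: datetime   # $FILE_NAME last-write time


def timestomp_indicators(rec: FileRecord) -> list[str]:
    """Return the names of every timestomping heuristic the record trips."""
    indicators = []

    # 1. Many timestamp-rewriting utilities write whole seconds, leaving the
    #    100 ns fraction at zero. Normal file activity almost never does.
    if rec.si_created.microsecond == 0 and rec.si_modified.microsecond == 0:
        indicators.append("si_zero_subsecond")

    # 2. $FILE_NAME creation is set when the file is created (and refreshed on
    #    rename/move), so a $STANDARD_INFORMATION creation time that predates
    #    it is a classic backdating signature. Legitimate moves can also trip
    #    this, so treat it as a lead to confirm against other artifacts.
    if rec.si_created < rec.fn_created:
        indicators.append("si_created_before_fn_created")

    # 3. A file cannot be modified before it was created.
    if rec.si_modified < rec.si_created:
        indicators.append("si_modified_before_created")

    return indicators


def triage(records: list[FileRecord]) -> dict[str, list[str]]:
    """Map each suspicious path to its indicators; clean records are omitted."""
    return {r.path: ind for r in records if (ind := timestomp_indicators(r))}


# Constructed sample records: one benign file and two that show the patterns.
SAMPLE_RECORDS = [
    FileRecord(
        path=r"C:\Windows\System32\legit.dll",
        si_created=datetime(2022, 10, 3, 9, 14, 22, 487123),
        si_modified=datetime(2022, 10, 3, 9, 14, 22, 487123),
        fn_created=datetime(2022, 10, 3, 9, 14, 22, 487123),
        fn_modified=datetime(2022, 10, 3, 9, 14, 22, 487123),
    ),
    FileRecord(
        # Backdated to 2019 with whole-second values, but $FILE_NAME says 2022.
        path=r"C:\ProgramData\svc\helper.dll",
        si_created=datetime(2019, 5, 2, 8, 0, 0, 0),
        si_modified=datetime(2019, 5, 2, 8, 0, 0, 0),
        fn_created=datetime(2022, 10, 3, 11, 2, 5, 91337),
        fn_modified=datetime(2022, 10, 3, 11, 2, 5, 91337),
    ),
    FileRecord(
        # Last-write time pushed earlier than the creation time.
        path=r"C:\Users\Public\update.exe",
        si_created=datetime(2022, 10, 3, 11, 5, 0, 120000),
        si_modified=datetime(2022, 10, 1, 6, 30, 0, 555000),
        fn_created=datetime(2022, 10, 3, 11, 5, 0, 120000),
        fn_modified=datetime(2022, 10, 3, 11, 5, 0, 120000),
    ),
]


def run_sample() -> dict[str, list[str]]:
    return triage(SAMPLE_RECORDS)


if __name__ == "__main__":
    for path, found in run_sample().items():
        print(f"{path}: {', '.join(found)}")
```

Each indicator on its own is weak; the value is in combining them and in corroborating hits against sources the attacker did not control, such as $USNJrnl entries, Prefetch files or EDR file-creation events that record the real time the file appeared on disk.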
