ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES

Lazarus hackers use Windows Update to deploy malware


North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.

The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.

After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder.

 

Learn more: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 


Lazarus pivots to Linux attacks through Dacls Trojan | #CyberSecurity


Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. 

The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. 

Recent reports suggest that Lazarus has become a customer of Trickbot, a criminal enterprise that is offering the state-sponsored threat actors access to infected systems alongside a collection of hacking tools. 

Lazarus may be willing to purchase tools from others but may also be capable of creating its own, such as in the case of a new Remote Access Trojan (RAT) spotted by researchers from Netlab 360. 

 

Learn more: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 
