Lazarus, the elite hacking group that has been linked to the North Korean government, has launched a new wave of cyberattacks. It’s now infecting victims with sophisticated homegrown ransomware.
This new malware, dubbed VHD, was first used in two separate attacks this spring. Security researchers at Kaspersky Lab say certain features of VHD set it apart from run-of-the-mill ransomware.
One is that the VHD ransomware is self-spreading. Another is that it utilizes credentials previously harvested from its victims to gain access to password-protected systems on their networks.
Kaspersky’s research team didn’t find many clues in the first VHD attack that pointed to a particular threat actor. Those two techniques, however, were enough to warrant closer monitoring.
The second attack, which targeted a business based in France, offered more clarity. Kaspersky was able to more fully analyze the attack and discovered several links to previous Lazarus incidents.
One was an advanced malware framework called MATA. It’s a complex tool that can be used to attack Windows, Mac and Linux systems. Lazarus has employed MATA in breaches since early 2018.
While ransomware hasn’t been a major part of the Lazarus playbook, the North Korea-linked hacking crew has employed it before to devastating effect.
Back in 2017, the insidious WannaCry ransomware was attributed to Lazarus. WannaCry ripped through vulnerable computer networks by utilizing a leaked NSA exploit dubbed EternalBlue.
WannaCry spread wherever vulnerabilities allowed. Hospitals, traffic camera systems, and aviation giant Boeing were among its many victims.
That Lazarus has added a new ransomware weapon to its arsenal is not a complete surprise. Lazarus, unlike other state-sponsored hacking groups, has a history of launching attacks for financial gain.
Some of the more infamous Lazarus incidents include a $7 million cryptocurrency heist and an $81 million attack on a Bangladesh bank. As of last year, experts believed Lazarus had racked up around $2 billion in ill-gotten gains.
Source: Forbes