The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it is important to keep third-party PC manufacturer software, which is often neglected, up to date, and to add known-vulnerable driver versions to blocklists so they cannot be loaded even if an attacker brings their own copy.

"The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver," security researchers from antivirus firm ESET said in a recent report. "This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way."

Attackers used fake job offers as entry point

In the new attacks that ESET detected and attributed to Lazarus, also known as Hidden Cobra, the hackers targeted an employee of an aerospace company in the Netherlands and an employee of a media organization in Belgium. The aerospace employee was targeted via LinkedIn with a message carrying a document called Amzon_Netherlands.docx. While the researchers were not able to recover the contents of the document, they believe it was likely a fake job offer related to Amazon's space program, Project Kuiper. The media employee in Belgium was targeted via email with a document called AWS_EMEA_Legal_.docx, which the researchers speculate masqueraded as a job offer for a legal position at Amazon Web Services.

These lures are consistent with previous attack campaigns attributed to Lazarus in 2020, such as Operation In(ter)ception and Operation DreamJob, which targeted employees from the aerospace and defense industries. The malicious documents used the remote template technique to fetch and load malicious code from an external server and then deploy a malware dropper that initiates the multi-stage payload. With this technique the document itself carries no macro or exploit; it only references an external template, which Word downloads and applies when the file is opened, so the malicious content lives on the attacker's server rather than in the attachment that passes through the mail gateway.
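The remote template technique the lures relied on leaves a static fingerprint: a .docx is a zip archive, and an injected template appears as an attachedTemplate relationship with TargetMode="External" in word/_rels/settings.xml.rels. The scanner below is an added example written for this page, not code from the article or from ESET's report. The document it builds is a constructed, stripped-down stand-in (only the parts the check reads, plus a made-up template URL), not one of the lures described above.

```python
"""Flag Word documents that pull a template from the network on open."""
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def attached_templates(docx_bytes: bytes) -> list[str]:
    """Return the Target of every attachedTemplate relationship marked
    TargetMode="External"; Word resolves these when the file is opened."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(SETTINGS_RELS))
    return [
        rel.get("Target", "")
        for rel in root.iter(f"{{{RELS_NS}}}Relationship")
        if rel.get("Type") == ATTACHED_TEMPLATE
        and rel.get("TargetMode") == "External"
    ]


def is_remote(target: str) -> bool:
    """True when loading the template means a network fetch: an http/https/ftp
    URL or a UNC path. A template on the local disk is not flagged."""
    if target.startswith(("\\\\", "//")):
        return True
    return urlparse(target).scheme.lower() in {"http", "https", "ftp"}


def scan_docx(docx_bytes: bytes) -> list[str]:
    """Remote template locations the document would contact on open (empty = clean)."""
    return [t for t in attached_templates(docx_bytes) if is_remote(t)]


def build_docx(template_target: str | None) -> bytes:
    """Construct a minimal .docx in memory for testing. Only the parts this
    scanner reads are present, so it is not a complete Word file, and the
    template_target is a constructed value, not a real lure's address."""
    settings = (
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    rels = (
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}" TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if template_target is not None:      # a clean document has no template relationship
            zf.writestr("word/settings.xml", settings)
            zf.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "lure":  build_docx("http://template.example/job-offer.dotm"),   # constructed URL
        "clean": build_docx(None),
        "local": build_docx("C:\\Users\\user\\Templates\\Normal.dotm"),  # local template, benign
    }
    for name, doc in samples.items():
        hits = scan_docx(doc)
        print(f"{name}: {'REMOTE TEMPLATE ' + ', '.join(hits) if hits else 'no remote template'}")
```

The check deliberately distinguishes a remote target from a locally attached template: corporate documents routinely reference a .dotm on disk, and flagging those would bury the real hits. Run it over mail attachments before delivery, or over a quarantine directory, and treat any http/https or UNC target as a document to detonate in a sandbox rather than open.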