Lazarus Hacking Group May Be Behind VHD Ransomware
- The group has resurfaced once again with a malicious program designed to extort money from its victims

Computer security firm Kaspersky Lab today warned Windows, Linux, and macOS users that Lazarus, a notorious hacking group allegedly operating from North Korea, has debuted a multipurpose malware framework, called MATA, to target their machines.
Lazarus is believed to be responsible for major online attacks, including the $80 million Bangladesh cyber bank heist and 2014’s Sony Pictures hack.
The group has resurfaced once again with the so-called VHD ransomware – a malicious program designed to extort money from its victims, which stood out due to its self-replication method.
The malware campaign was uncovered by Kaspersky, which also noted that the new malware was used in two separate attacks this spring. The Russian company says the latest attacks are different from other Lazarus phishing operations, using novel code to infect machines.
The newest Lazarus campaign was first spotted after it had successfully compromised some businesses in Europe, though it did not give many hints as to who was behind it. The researchers then discovered a second VHD ransomware campaign between March and May 2020, which provided a complete picture of the infection chain and enabled them to link the ransomware to Lazarus.
Hackers cash in on crypto euphoria
“Among other things – and most importantly – the attackers used a backdoor, which was a part of a multiplatform framework called MATA, which Kaspersky recently reported on in-depth and is linked to the aforementioned threat actor due to a number of code and utility similarities,” Kaspersky said.
Most alarming, though, is that the VHD ransomware, which encrypts the personal documents found on the victim’s computer, is self-spreading. This malware’s use of a spreading utility, compiled with victim-specific credentials, was reminiscent of APT campaigns. It then displays a message which offers to decrypt the data if payment in Bitcoin is made, with the instructions placed on the victim’s desktop in the HowToDecrypt.txt text file.
Kaspersky further explains: “While the actor behind the attacks was not determined, Kaspersky researchers have now linked the VHD ransomware to Lazarus with high confidence, following analysis of an incident where it was used in close conjunction with known Lazarus tools against businesses in France and Asia.”
The report goes on to say that cryptocurrency holders should be especially careful because it is almost impossible to recover any stolen money. Not helping matters were previously known holes in several Bitcoin exchanges, for which Kaspersky had issued patches, which made the hackers’ jobs easier.