Kaspersky Lab senior security researcher Seongsu Park details the technique Lazarus uses to breach servers of companies around the world, including those in the Asia Pacific region, and turn them into command and control servers.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain at risk of this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (with 7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker and easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent WannaCry destructive ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt, as customers will require technology combined with intelligence and expertise to protect them from both known and unknown threats.

 

In order to prevent falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services contact intelreports@kaspersky.com

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

