Kaspersky Lab senior security researcher Seongsu Park details the technique Lazarus uses to breach company servers around the world, including those in the Asia Pacific region, and turn them into command and control servers.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain exposed to this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker, who can then easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information-gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent destructive WannaCry ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt as customers will require technology that is combined with intelligence and expertise, to protect them from both known and unknown threats.

 

In order to prevent falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services contact intelreports@kaspersky.com

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

