Kaspersky Lab senior security researcher Seongsu Park details the technique Lazarus used to breach company servers around the world, including in the Asia Pacific region, and turn them into command and control servers.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain at risk of this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (with 7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker, who can then easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information-gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent WannaCry destructive ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that, with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt, as customers will require technology that is combined with intelligence and expertise to protect them from both known and unknown threats.

 

In order to prevent falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services, contact intelreports@kaspersky.com.

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

