![]() "We also notified people who may have been in contact with these accounts and gave suggestions to enhance their account security, as we have done in the past about other threat groups," Facebook said. ![]() Smith added that Microsoft would continue to work with Interpol, Europol, the FBI and other law enforcement agencies to combat cybercrime.įacebook said it is working to raise awareness of the issue among its users and will continue to collaborate with other companies to counteract the threat. Read more: China accused of using LinkedIn to spy on West "As we look to 2018, it's essential that we act with shared responsibility to strengthen further the partnerships with the security community and governments to combat cyberattacks against civilians." "If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them," Brad Smith, Microsoft's president and chief legal officer, said in a statement. In order to counter the threat posed by the Lazarus group, Microsoft has disabled accounts that it suspected to be linked to the hackers. North Korean hackers were recently blamed for the bankruptcy of a bitcoin exchange following cyber thefts that resulted in the loss of more than $72 million worth of bitcoins.Īccording to research from ProofPoint published Tuesday, the Lazarus Group was behind a number of other sophisticated cyberattacks on individuals and corporations targeting cryptocurrency exchange credentials. ![]() "State-sponsored groups are generally focussed on espionage and disruption."Ī collage of profile pictures makes up a wall in the break room at the new Facebook Data Center on Apin Forest City, North Carolina. ![]() "The Lazarus Group is a sophisticated, state-sponsored APT group with a long history of successful destructive, disruptive, and costly attacks on worldwide targets," Patrick Wheeler, director of threat intelligence at security firm Proofpoint, said in an emailed comment to Newsweek. These exchanges may have allowed the hackers to trick Facebook users into installing malware that would allow them to hijack victims' computers. "We deleted accounts operated by this group to make it harder for them to conduct their activities."Īccording to the social network, the Lazarus Group hackers used personal profiles to pose as other people in order to develop relationships with potential targets. "Last week, Facebook, Microsoft, and other members of the security community took joint action to disrupt the activities of a persistent, advanced threat group commonly referred to as ZINC, or the Lazarus Group," Facebook said in a statement on Tuesday, December 19. government publicly blamed North Korea for the WannaCry ransomware attacks earlier this year. The covert campaign by hackers from the state-sponsored Lazarus Group was revealed on the same day that the U.S. The Lazarus Group and other threat clusters originating from North Korea have been prolific in recent months, having staged attacks spanning manufacturing and real estate sectors in India, telecoms companies in Pakistan and Bulgaria, and government, research, and defense contractors in Europe, Japan, and the U.S., according to Kaspersky.A notorious North Korean hacking group is using fake Facebook profiles to hunt for potential victims, the social network has warned. "This strategic shift enhances stealthiness, making detecting and analyzing the attacker's activities more challenging." According to Sony itself, the attack caused 15. The target was Sony Pictures Entertainment. Its most high-profile hack took place in 2014. "LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions," Kálnai said. Supported and instigated by the North Korean government, Lazarus is a threat actor group behind major cyber attacks such as the spread of the WannaCry ransomware & the 2014 attack on Sony Pictures. tminiBlindingCan's main responsibility is to transmit system information and download files retrieved from a remote server, among others.Ī noteworthy trait of the campaign is the use of execution guardrails to prevent the payloads from being decrypted and run on any other machine other than that of the intended victim's. LightlessCan comes fitted with support for as many as 68 distinct commands, although in its current version, only 43 of those commands are implemented with some functionality. The attack paves the way for an HTTP(S) downloader referred to as NickelLoader, which allows the attackers to deploy any desired program into the memory of the victim's computer, including the LightlessCan remote access trojan and a variant of BLINDINGCAN referred to as miniBlindingCan (aka AIRDRY.V2).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |