fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

North Korean State Hackers Breach COVID-19 Research Entities

North Korean State Hackers Breach COVID-19 Research Entities

North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development.

To do that they infiltrated the networks of a pharmaceutical company and a government health ministry in September and October, respectively.

After slithering into their network, the North Korean state hackers deployed Bookcode (exclusively used by Lazarus) and wAgent malware with backdoor capabilities.

Backdoors used for post-exploitation

“Both attacks leveraged different malware clusters that do not overlap much,” Kaspersky security expert Seongsu Park said in an APT report.

“However, we can confirm that both of them are connected to the Lazarus group, and we also found overlaps in the post-exploitation process.”

The final payload in the attack against the health ministry was wAgent, a malware designed to deploy additional payloads from the command-and-control server, including a persistent backdoor, and to load them into the memory of the compromised systems.

Also Read: Website Ownership Laws: Your Rights And What These Protect

In the attack that took place on October 27, the wAgent malware had “the same infection scheme as the malware that the Lazarus group used previously in attacks on cryptocurrency businesses.”

In the attack targeting the pharmaceutical company from September 25, Lazarus operators used the Bookcode malware to harvest system information, a “registry sam dump containing password hashes,” and Active Directory info.

Even though in the past the hackers deployed this malware in a supply chain attack and via spearphishing, in this case, the attack vector was not discovered.

Malware infection chain

Kaspersky did not reveal the identity of the pharmaceutical company compromised in these attacks, but they did share that it is involved in the development of a COVID-19 vaccine and it is also “authorized to produce and distribute COVID-19 vaccines.”

While there are multiple COVID-19 vaccines in development right now, only those developed by these organizations have reached authorization/approval status in the US, UK, Russia, China, and other countries (hence the target has to be among them):

  • Pfizer-BioNTech
  • Moderna, Sinovac
  • the Wuhan Institute of Biological Products
  • the Gamaleya Research Institute
  • the Beijing Institute of Biological Products
  • the Russian Federal Budgetary Research Institution State Research Center of Virology and Biotechnology

“These two incidents reveal Lazarus group’s interest in intelligence related to COVID-19,” Park added.

“While the group is mostly known for its financial activities, it is a good reminder that it can go after strategic research as well.

“We believe that all entities currently involved in activities such as vaccine research or crisis handling should be on high alert for cyberattacks.”

COVID-19 research at the top of multiple target lists

Since the start of the pandemic, intelligence that could speed-up COVID-19 vaccine development has been under continuous targeting by state-sponsored threat actors.

For instance, vaccine research organizations from Canada, UK, and the US have been the target of several attacks coordinated by the Russian state-sponsored APT29 hacking group throughout the year.

Threat actors linked to the People’s Republic of China (PRC) have also been involved in similar attacks as disclosed by the FBI and DHS-CISA in a joint public service announcement.

Microsoft has also seized domains used in COVID-19-related cybercrime and warned this week of emerging fraud schemes where scammers exploit the public’s interest in the COVID-19 vaccine to harvest personal information and steal money.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

Earlier this month, threat actors have also attacked organizations involved in COVID-19 research, the European Medicines Agency (EMA), and the EU Commission, as well as orgs linked to the COVID-19 vaccine cold chain involving storing and delivering it at safe temperatures.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us