fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

North Korean Hackers Use New Vyveva Malware To Attack Freighters

North Korean Hackers Use New Vyveva Malware To Attack Freighters

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities dubbed Vyveva n targeted attacks against a South African freight logistics company.

Vyveva was first used in a June 2020 attack as ESET researchers discovered, but further evidence shows Lazarus has been deploying it in previous attacks going back to at least December 2018.

While ESET only found two machines infected with this malware, both of them belonging to the same South African freight company, the backdoor was likely used in other targeted espionage campaigns since it was first deployed in the wild.

“Vyveva shares multiple code similarities with older Lazarus samples that are detected by ESET technology,” security researcher Filip Jurčacko said in a report published today.

“However, the similarities do not end there: the use of a fake TLS protocol in network communication, command-line execution chains, and the methods of using encryption and Tor services all point toward Lazarus. Hence, we can attribute Vyveva to this APT group with high confidence.”

Also Read: What Does A Data Protection Officer Do? 5 Main Things

Backdoor made in North Korea

The malware comes with an extensive set of cyber-espionage capabilities allowing Lazarus operators to harvest and exfiltrate files from infected systems to servers under their control using the Tor anonymous network as a secure communication channel.

Lazarus can also use Vyveva to deliver and execute arbitrary malicious code on any compromised system on the victims’ network.

Among its other “features,” the backdoor has support for timestomping commands, which allows its operators to manipulate any file’s date using metadata from other files on the system or by setting a random date between 2000 and 2004 to hide new or modified files.

While the backdoor will connect to its command-and-control (C2) server once every three minutes, it also uses watchdogs designed to keep track of newly connected drives or the active user sessions to trigger new C2 connections on new session or drive events.

“Vyveva constitutes yet another addition to Lazarus’s extensive malware arsenal,” Jurčacko added. “Attacking a company in South Africa also illustrates the broad geographical targeting of this APT group.”

Vyveva components
Vyveva components (ESET)

Recent Lazarus activity

The Lazarus Group, a military hacking group backed by the Democratic People’s Republic of Korea, is also tracked as HIDDEN COBRA by the United States Intelligence Community.

They are known for targeting high-profile orgs such as Sony Films as part of Operation Blockbuster in 2014, multiple banks worldwide, and coordinating the 2017 global WannaCry ransomware campaign.

In January, Lazarus targeted security researchers in social engineering attacks using elaborate fake “security researcher” social media personas, with a similar campaign being detected and blocked by Google in March while in its early stages.

The same month, it was discovered that they targeted the defense industry with a previously undocumented backdoor dubbed ThreatNeedle in an espionage campaign active since early 2020.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Indicators of compromise, including Vyveva sample hashes used during attacks targeting the South African freight company, are available at the end of ESET’s report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us