8/3/2023

Lazarus group bitcoin

With cryptocurrency prices hitting new highs recently, it’s no surprise that cybercriminals are becoming more aggressive about profiting from these digital currencies. In the past few days, two cryptocurrency-related security incidents occurred: one aimed to install a Monero miner on target servers, and the other used phishing tactics to victimize financial organizations.

The first of these incidents, known as the “Zealot” campaign after the zealot.zip name of one of the files dropped on the target system, involves two vulnerabilities: CVE-2017-5638 and CVE-2017-9822. CVE-2017-5638 is an Apache Struts vulnerability, notable for being the same one used in the Equifax breach back in September. CVE-2017-9822, on the other hand, involves DotNetNuke, one of the most popular web content management systems in use today.

Beyond the exploitation of these vulnerabilities, the campaign also highlights the use of server platforms such as Struts as viable exploitation platforms. On infected Windows machines, the campaign additionally leverages EternalBlue and EternalSynergy, part of a series of exploits released by the Shadow Brokers group earlier this year, for lateral movement within networks. Finally, the attackers use PowerShell to download and install a Monero miner. So far, the campaign has reportedly generated around $8,500 worth of Monero coins.

The second incident involves the Lazarus group, which was linked to the Bangladeshi bank heists in 2016. In this case, the group uses a classic Business Email Compromise (BEC) scheme to attempt to steal bitcoin. They send emails purporting to be a job advertisement for a CFO position at a European cryptocurrency company to officials of cryptocurrency financial organizations. The infection is delivered through the email, which carries an attached Microsoft Word file that installs a malicious macro once executed. This in turn loads a Trojan that steals credentials and downloads more malware.

These two incidents are a study in contrasts: the Zealot campaign is fairly sophisticated, using multiple vulnerabilities and exploits, while Lazarus relies on a tried-and-true social engineering technique that is no less effective. Although the attacks are not connected with each other, they share a common feature: the element of cryptocurrency.
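The Lazarus lure described above arrives as a Word attachment that carries a malicious macro. A mail gateway or triage script can flag such attachments before a user ever opens them by inspecting the OOXML container for a VBA project part or a macro-enabled content type. The following is an added example written for this page (not code from the original post or from any vendor it cites); the file layout it builds is a minimal constructed stand-in for a real document, and the `build_sample_docx` helper and the "quarantine"/"allow" verdict names are assumptions of this example.

```python
import io
import zipfile

# Main-part content types used by Word in [Content_Types].xml.
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def inspect_office_attachment(filename, data):
    """Inspect an OOXML (docx/docm) attachment for embedded VBA macros.

    Returns a findings dict. Only the zip-based OOXML format is handled here;
    legacy binary .doc (OLE) files need a separate check and fall through as
    'allow' with is_ooxml=False, so callers should treat that case on its own.
    """
    findings = {
        "filename": filename,
        "is_ooxml": False,
        "has_vba": False,            # a word/vbaProject.bin part is present
        "macro_content_type": False, # main part declared as macroEnabled
        "ext_mismatch": False,       # macros inside a file named .docx/.dotx
        "verdict": "allow",
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings

    names = zf.namelist()
    findings["is_ooxml"] = "[Content_Types].xml" in names
    # The VBA project is stored as a binary part; its presence is the
    # strongest single indicator regardless of what the extension claims.
    findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if findings["is_ooxml"]:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        findings["macro_content_type"] = MACRO_CONTENT_TYPE in content_types

    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    # A macro project hidden behind a non-macro extension is a classic
    # evasion and deserves a separate flag for the analyst.
    findings["ext_mismatch"] = findings["has_vba"] and ext in ("docx", "dotx")

    if findings["has_vba"] or findings["macro_content_type"]:
        findings["verdict"] = "quarantine"
    return findings


def build_sample_docx(with_macro):
    """Build a constructed, minimal OOXML container for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" '
            f'ContentType="{main_ct}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 12)
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in (("cfo_position.docm", True), ("cfo_position.docx", False)):
        print(inspect_office_attachment(name, build_sample_docx(macro)))
```

In practice the quarantine verdict would feed the gateway's attachment policy, and the `ext_mismatch` flag is worth surfacing to analysts on its own, since a VBA project inside a file presented as a plain `.docx` is a stronger signal than the macro-enabled extension itself.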