Rewterz Threat Advisory – Multiple Atlassian Confluence Vulnerabilities
November 24, 2022Rewterz Threat Advisory – Multiple SolarWinds Orion Platform Vulnerabilities
November 24, 2022Rewterz Threat Advisory – Multiple Atlassian Confluence Vulnerabilities
November 24, 2022Rewterz Threat Advisory – Multiple SolarWinds Orion Platform Vulnerabilities
November 24, 2022Severity
High
Analysis Summary
Hidden Cobra aka Lazarus APT, AppleWorm, APT C-26, Group-77, Guardians of Peace, Official 91, Red Dot, Term.Hermit, or Zinc, is one of North Korea’s most sophisticated threat actors, operating since at least 2009. Initially, they concentrated on South Korea but in the previous months shifted its focus to worldwide targets and began initiating attacks for monetary gain. This actor has been linked to attacks in South Korea, the United States, Japan, and a number of other nations. Lazarus APT is suspected of being behind a number of diverse campaigns, including cyber espionage attacks on financial institutions, government agencies, and the military.
This group is said to be behind the wiper attack on Sony Pictures Entertainment in November 2014 as part of Novetta’s Operation Blockbuster campaign. Lazarus Group’s malware is linked to other known campaigns such as Operation Flame, Operation Troy, DarkSeoul, Operation 1Mission, and Ten Days of Rain. In the last several years, these hackers have stolen at least $1.7 billion in cryptocurrencies. To manipulate their victims, Lazarus employs specific toolkits. The group tries to conceal its behavior, making malware detection and analysis more difficult.
In November 2022, threat actors deployed a new version of the DTrack backdoor to attack organizations in Europe and Latin America. Since 2019, the Lazarus group has used DTrack as a modular backdoor in attacks against a wide range of targets, from financial environments to a nuclear power plan. Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States have all been the target of recent attacks.
Impact
- Information Theft and Espionage
- Sensitive Information Exposure
Indicators of Compromise
MD5
08c14dd68da6800a6e630b0e6bee8f6f
12011c44955fd6631113f68a99447515
SHA-256
923f0f8a50fd980789625fa96abff0707a233e75ef83c31b863781d216d743a1
c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3
SHA-1
0ee8989e63070dc4bd54bc09189477234344fc8a
4f4f8cf0f9b47d0ad95d159201fe7e72fbc8448d
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.