Rewterz Threat Advisory – F5 Multiple Products OpenSSL Denial of Service Vulnerability
March 18, 2019
Rewterz Threat Advisory – VMWare Workstation Player Multiple Privilege Escalation Vulnerabilities
March 18, 2019
Severity
Medium
Analysis Summary
The Lazarus campaign aimed at Russian banks uses malicious Office documents delivered as ZIP files, along with a PDF document called NDA_USA.pdf that contains an agreement from StarForce Technologies, a Russian software company that provides copy protection software.
Moreover, researchers have observed increased targeting of interbank networks by the Lazarus group. These networks connect the ATMs of issuing banks, enabling ATM cards issued by members to work across all connected ATMs. Recently observed campaigns leverage social engineering and subsequent spear-phishing emails sent to employees of targeted organizations. The emails contain malicious attachments that, when opened, download known Lazarus malware.
Impact
Lazarus Attack
Indicators of Compromise
Remediation
- Block the threat indicators at their respective controls.
- Scan all documents downloaded from the internet/email attachments prior to execution.
- Avoid downloading email attachments coming from untrusted sources.