April 23, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Ongoing njRAT Campaign Against Middle East
October 9, 2019
Here’s how VPNs can be Exploited by Attackers
October 9, 2019Rewterz Threat Alert – Ongoing njRAT Campaign Against Middle East
October 9, 2019Here’s how VPNs can be Exploited by Attackers
October 9, 2019
Severity
High
Analysis Summary
Lazarus have been active again are targeting different countries and organizations. Some samples of their activity were analyzed by a group of researchers. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea.
Impact
Financial loss
Indicators of Compromise
Malware Hash
- 6016cbecb94edbfebb3d1596d159733485504d09e08295d2a5893a0c19f8e28f
- 5f0425a95c4024f1d7d2f61e7ece50eb
- a04c2f08531a04b66fe59c7e790a6a20892100e0
- 130e62b9b5c34d2e57bae42410378d78091e0c32a955c37b1191befb2ea427c0
- fbe120b245942b6eeb360311b549e160
- 938ad782320855ffa8daabf48def77a57dac3e80
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.