• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Skimmer Acts as Payment Service Provider via Rogue iframe to Harvest Credit Card Information
May 24, 2019
Rewterz Threat Alert – Money Taker(Threat Actor) Activity Targeting Russian Federation Financial Sector
May 24, 2019

Rewterz Threat Alert – Lazarus New Backdoor Power-task activity Targeting Financial Sectors

May 24, 2019

Severity

High

Analysis Summary


APT group Lazarus is active again and currently targeting financial sector globally with their tool “PowerTask”. Lazarus is known to be the biggest threat groups in the financial sectors and have previously targeted Middle east and other regions as well.

This time they’ve targeted the corporate domain , SWIFT/ ARM CBR and card processing software against banks using their backdoor.

Impact

  • Financial Loss
  • Compromise of Corporate Network

Indicators of Compromise

Filename

  • stage.ps1
  • Memory Dump

Malware Hash (MD5/SHA1/SH256)

  • 08a063f820bObad93b3dSt2c03779a4d 
  • c9b3b6bdcOcbb09f1ca5d4caab8bea9f 

Remediation

  • Block threat indicators at your respective controls.
  • Scan to check for presence of indicators of Infection in the corporate network.
  • Use operation systems and software with latest updates on corporate devices.
  • Isolate infrastructure connected with payment servers and card processing systems. They cannot be managed using accounts from domain.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.