Rewterz Threat Alert – Skimmer Acts as Payment Service Provider via Rogue iframe to Harvest Credit Card Information
May 24, 2019
Severity
High
Analysis Summary
The APT group Lazarus is active again and is currently targeting the financial sector globally with its tool "PowerTask". Lazarus is known as one of the biggest threat groups targeting the financial sector and has previously targeted the Middle East and other regions as well.
This time the group has used its backdoor against banks' corporate domains, SWIFT and ARM CBR (the Bank of Russia's client workstation software), and card-processing software.
Impact
- Financial Loss
- Compromise of Corporate Network
Indicators of Compromise
Filename
- stage.ps1
- Memory Dump
Malware Hash (MD5/SHA1/SHA256)
- 08a063f820bObad93b3dSt2c03779a4d
- c9b3b6bdcOcbb09f1ca5d4caab8bea9f
Remediation
- Block the threat indicators listed above at your respective security controls.
- Scan the corporate network for the presence of the indicators of compromise listed above.
- Keep operating systems and software on corporate devices updated with the latest patches.
- Isolate infrastructure connected to payment servers and card-processing systems; these systems must not be managed with domain accounts.
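To act on the "scan for indicators" step, here is an added example (not code from Rewterz or from the alert) of a small Python IOC scanner that walks a directory tree and flags files whose name or MD5/SHA1/SHA256 digest matches an indicator. The filename stage.ps1 is the one listed above; the hash used in demo() is a placeholder computed from constructed sample content, not one of the alert's hashes, and the constructed directory tree is built in a temporary folder so the script runs offline. Substitute your verified hash list when running it against real hosts.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Filename indicator taken from the alert. The hash set is supplied by the caller;
# in demo() it is a placeholder digest computed from constructed sample content.
IOC_FILENAMES = {"stage.ps1"}


def file_hashes(path, chunk_size=65536):
    """Return (md5, sha1, sha256) hex digests of a file, read in chunks."""
    digests = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests:
                d.update(chunk)
    return tuple(d.hexdigest() for d in digests)


def scan(root, ioc_filenames, ioc_hashes):
    """Walk `root` and report files whose name or digest matches an indicator.

    Matching is case-insensitive on names and digests, since published hashes
    come in mixed case and NTFS filenames are case-insensitive. Returns a list
    of (path, reasons) sorted by path; reasons is e.g. ["filename", "md5"].
    """
    names = {n.lower() for n in ioc_filenames}
    hashes = {h.strip().lower() for h in ioc_hashes}
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() in names:
                reasons.append("filename")
            try:
                digests = file_hashes(path)
            except OSError:
                continue  # unreadable (locked, permissions): skip rather than abort
            for algo, digest in zip(("md5", "sha1", "sha256"), digests):
                if digest in hashes:
                    reasons.append(algo)
            if reasons:
                hits.append((path, reasons))
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it. Returns {basename: reasons}."""
    root = tempfile.mkdtemp(prefix="ioc_scan_")
    # Constructed, benign stand-in for a dropped PowerShell stager; not real malware.
    sample = b"Write-Output 'constructed sample content for the hash-match demo'\r\n"
    stager = Path(root, "Users", "Public", "stage.ps1")
    stager.parent.mkdir(parents=True)
    stager.write_bytes(sample)
    # Same bytes under an innocuous name: only the hash match will catch this copy.
    renamed = Path(root, "Windows", "Temp", "renamed.txt")
    renamed.parent.mkdir(parents=True)
    renamed.write_bytes(sample)
    Path(root, "Windows", "Temp", "clean.txt").write_bytes(b"nothing to see\n")
    # Placeholder indicator hash derived from the constructed sample above,
    # deliberately upper-cased to exercise the case-insensitive comparison.
    ioc_hashes = {hashlib.md5(sample).hexdigest().upper()}
    return {os.path.basename(p): reasons
            for p, reasons in scan(root, IOC_FILENAMES, ioc_hashes)}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: matched on {', '.join(reasons)}")
```

Hashing every file is what makes the renamed copy detectable; a filename-only sweep would miss it, which is why the scan reports both the filename and the digest match separately so an analyst can see how each hit was found.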