Lazarus Group Uses the DLL Side-Loading Technique (2)

Through the “Lazarus Group Uses the DLL Side-Loading Technique” [1] blog post, AhnLab SEcurity intelligence Center (ASEC) has previously covered how the Lazarus group used the DLL side-loading attack technique using legitimate applications in the initial access stage to achieve the next stage of their attack process. This blog post

Warning for Certification Solution (VestCert) Vulnerability and Update Recommendation

Vulnerable Software and Overview

VestCert is a certification program used while accessing websites, and is a non-ActiveX module developed by the Korean company, Yettiesoft. This program is registered as a Startup Program and will be relaunched by Yettiesoft’s service (Gozi) even if it is terminated. It remains constantly active as a

Anti-Forensic Techniques Used By Lazarus Group

Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims