Anti-Forensic Techniques Used By Lazarus Group Posted By AFIRST.SH , February 23, 2023 Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group. Overview Definition of Anti-Forensics Anti-forensics refers to the tampering of evidence in…
A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique Posted By jcleebobgatenet , October 31, 2022 In the ASEC blog post uploaded on April 2022 (New Malware of Lazarus Threat Actor Group Exploiting INITECH Process, https://asec.ahnlab.com/en/33801/), the team discussed the fact that the Lazarus attack group had been exploiting the INITECH process to infect systems with malware. This article aims to cover the details of the Lazarus group using the watering hole technique to hack into systems before exploiting the vulnerability of the MagicLine4NX product from Dream Security in order to additionally hack into systems in…
New Malware of Lazarus Threat Actor Group Exploiting INITECH Process Posted By jcleebobgatenet , April 26, 2022 The AhnLab ASEC analysis team has discovered that there are 47 companies and institutions—including defense companies—infected with the malware distributed by the Lazarus group in the first quarter of 2022. Considering the severity of the situation, the team has been monitoring the infection cases. In systems of the organizations infected with the malware, it was found that malicious behaviors stemmed from the process of INITECH (inisafecrosswebexsvc.exe), the security company. The team initially secured the following information of inisafecrosswebexsvc.exe from the…
