Lazarus Group uses Vyveva backdoor to target freight company – TEISS

by Admin
April 12, 2021
in Cryptocurrency Hackers

Researchers at ESET have discovered a new hacking campaign conducted by the North Korean-backed Lazarus Group targeting a South African freight logistics company. The hackers are using a backdoor, dubbed Vyveva, that was first used in June last year and communicates with its C&C server via the Tor network.

According to ESET, while the backdoor malware was last used in June last year, it has been used by Lazarus Group on several occasions since December 2018. Recently, the firm found that two machines owned by the South African freight logistics company were infected using the backdoor and that the attack trajectory is quite similar to other campaigns conducted by the Lazarus Group.

“Vyveva shares multiple code similarities with older Lazarus samples that are detected by ESET technology. However, the similarities do not end there: the use of a fake TLS protocol in network communication, command-line execution chains, and the methods of using encryption and Tor services all point toward Lazarus. Hence, we can attribute Vyveva to this APT group with high confidence,” said Filip Jurčacko, a security researcher at ESET.

The firm found that Vyveva has the capability to execute as many as 23 commands issued by the Lazarus Group through C&C servers, including the capability to copy creation/write/access time metadata from a “donor” file to a destination file, exfiltrate directories recursively, and gain information on host computers, such as username, computer name, IP, code page, OS version, OS architecture, tick count, time zone, and current directory.

The backdoor uses the Tor library to communicate with its C&C server, contacting it at three-minute intervals and sending information about the victim computer and its drives before receiving commands. While these capabilities make it a potent threat to organisations, it is not known why Lazarus Group chose to deploy the backdoor against a freight logistics company, and one in South Africa at that, a country that does not feature on the list of those primarily targeted by the North Korean state-sponsored hacker group.
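A fixed three-minute check-in is one of the few things in the behaviour described above that a defender can look for in network telemetry. The following is an added example, not code from the article or from ESET: it scores each (source, destination) pair in a constructed connection log by how regular its inter-arrival times are, which is how a timer-driven beacon stands out from ordinary browsing. The log format, addresses and thresholds are assumptions for the illustration.

```python
# Added example (not from the TEISS/ESET article): flag hosts whose outbound
# connections to one destination recur at a near-constant interval, the kind
# of pattern a fixed three-minute C&C check-in produces.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log: "timestamp src dst:port".
# 10.0.0.15 -> 203.0.113.7 repeats roughly every 180 s with small jitter;
# the other destination is irregular and should not be flagged.
SAMPLE_LOG = """\
2021-04-12T09:00:02 10.0.0.15 203.0.113.7:443
2021-04-12T09:00:40 10.0.0.15 198.51.100.20:443
2021-04-12T09:03:01 10.0.0.15 203.0.113.7:443
2021-04-12T09:06:03 10.0.0.15 203.0.113.7:443
2021-04-12T09:07:15 10.0.0.15 198.51.100.20:443
2021-04-12T09:09:00 10.0.0.15 203.0.113.7:443
2021-04-12T09:12:02 10.0.0.15 203.0.113.7:443
2021-04-12T09:15:01 10.0.0.15 203.0.113.7:443
2021-04-12T09:20:30 10.0.0.15 198.51.100.20:443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(flows, min_connections=5, max_jitter=0.1):
    """Return flows whose gaps between connections are regular.

    max_jitter is the coefficient of variation (stddev / mean) of the
    gaps; a strict timer-driven check-in gives a value close to zero.
    """
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_jitter:
            hits.append({"src": src, "dst": dst,
                         "interval_s": round(avg), "cv": round(cv, 3)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit)
```

Because the implant tunnels over Tor, the destination that shows up in such logs is the Tor entry point rather than the C&C server itself, so the regular cadence, not the address, is the signal to pivot on.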

Founded in 2009, Lazarus Group has been one of the most notorious hacker groups in the world and has been behind a large number of cyber-attacks on media, finance and aerospace companies as well as on governments across the globe. It is best known for the global WannaCry attack, which spread ransomware to hundreds of thousands of computers worldwide.

In August last year, the FBI and CISA warned that the hacker group was using a Remote Access Trojan (RAT) named BLINDINGCAN to target devices and networks owned by defence contractors and to steal information stored on their servers. The RAT was delivered into targeted networks via a phishing campaign that used job postings from leading defence contractors to lure victims into downloading malicious documents onto their devices.

The BLINDINGCAN RAT featured various capabilities, such as collecting detailed information about all disks in a system, obtaining the local IP address and processor details, starting or terminating processes, reading, writing, executing and moving files, modifying file or directory timestamps, and deleting itself from infected systems and cleaning up its traces.

In February, three North Korean hackers associated with the Lazarus Group were indicted in the U.S. for carrying out a wide range of cyber crimes and stealing more than $1.3 billion in real money and cryptocurrency from financial institutions and other organizations.

Aside from stealing money from various banks, the hackers also developed several malicious cryptocurrency applications which provided them a backdoor into victims’ computers. Hundreds of cryptocurrency companies were targeted by these criminals to steal millions of dollars, including $75 million from a Slovenian cryptocurrency company, $24.9 million from an Indonesian cryptocurrency company, and $11.8 million from a financial services company in New York using the malicious CryptoNeuro Trader application as a backdoor.
