April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-40308: Apache Archiva Vulnerbility
November 23, 2022Rewterz Threat Advisory – CVE-2022-43782 – Atlassian Crowd Vulnerability
November 23, 2022Rewterz Threat Advisory – CVE-2022-40308: Apache Archiva Vulnerbility
November 23, 2022Rewterz Threat Advisory – CVE-2022-43782 – Atlassian Crowd Vulnerability
November 23, 2022
Severity
High
Analysis Summary
Hidden Cobra aka Lazarus APT, AppleWorm, APT C-26, Group-77, Guardians of Peace, Official 91, Red Dot, Term.Hermit, or Zinc, is one of North Korea’s most sophisticated threat actors, operating since at least 2009. Initially, they concentrated on South Korea but in the previous months shifted its focus to worldwide targets and began initiating attacks for monetary gain. This actor has been linked to attacks in South Korea, the United States, Japan, and a number of other nations. Lazarus APT is suspected of being behind a number of diverse campaigns, including cyber espionage attacks on financial institutions, government agencies, and the military.
This group is said to be behind the wiper attack on Sony Pictures Entertainment in November 2014 as part of Novetta’s Operation Blockbuster campaign. Lazarus Group’s malware is linked to other known campaigns such as Operation Flame, Operation Troy, DarkSeoul, Operation 1Mission, and Ten Days of Rain. In the last several years, these hackers have stolen at least $1.7 billion in cryptocurrencies. To manipulate their victims, Lazarus employs specific toolkits. The group tries to conceal its behavior, making malware detection and analysis more difficult.
In November 2022, threat actors deployed a new version of the DTrack backdoor to attack organizations in Europe and Latin America. Since 2019, the Lazarus group has used DTrack as a modular backdoor in attacks against a wide range of targets, from financial environments to a nuclear power plan. Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States have all been the target of recent attacks.
Impact
- Information Theft and Espionage
- Sensitive Information Exposure
Indicators of Compromise
MD5
931d0969654af3f77fc1dab9e2bd66b1
SHA-256
f14c5bad5219b1ed5166eb02f5ff08a890a181cef2af565f3fe7bcea9c870e22
SHA-1
7cf53577520861a1833ae99489c307f98da01b4b
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
