Rewterz Threat Alert – Lazarus APT Group

Rewterz Threat Advisory – Multiple Vulnerabilities in Cisco Business Process Automation

July 8, 2021

Rewterz Threat Advisory – CVE-2021-1234 – Cisco SD-WAN vManage Software Information Disclosure Vulnerability

July 8, 2021

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

Severity

High

Analysis Summary

Following samples of Lazarus group aka Guardians of Peace, a state-sponsored North Korean threat actor group targeting financial organizations for their gains have been active again and actively targeting different organizations via phishing emails dropping malicious word documents which enables macro when downloaded and executed. Previously these campaigns were specifically crafted to target Russian organizations but now they’ve shifted their tilt towards Asia pacific region.

Impact

Credential theft
Exposure of sensitive data
Information theft and Espionage

Indicators of Compromise

Filename

New Development Guidelines[.]zip
Password[.]txt[.]lnk
Security Bugs in rigs[.]zip

MD5

d3a988a9750cb6582310c806fa32d4f1
805949896d8609412732ee7bfb44900a
f5b14052e15aea78d2da695276f585c8

SHA-256

c0eca31fa12a7785f5d296dcd9816075ba14f7cfb556999302c55b491014a89f
6c59f168e7e070fb4ef32a59aa493da141d1f93ed7ba36396f148212060f14f8
a12421659b75446687dc3e39e2d57073cf5a7d727a0a713d93b7fdfea97e5a06

SHA1

b84b8bae60f2dbae6f6ce1edd83b24925251859b
4cd9d0e58b11f7b18735918db6c00a7f14d8bae6
65ebe030d75cf579dc5a20f9c60e58e6012e0a06

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on links/attachments sent by unknown senders.