Jannah Theme License is not validated, Go to the theme options page to validate the license, You need a single license for each domain name.

State-sponsored hackers exploit Log4Shell vulnerability to attack energy providers

A new cyber espionage campaign launched by North Korea has been discovered by security researchers. The primary targets are US, Canadian, and Japanese energy companies.

According to Cisco Talos, the hacking group Lazarus (a North Korea-affiliated hacking group also known as APT38) was confirmed to have targeted an unnamed energy provider in the United States, Canada, and Japan between February and July. Reported. It turns out that hackers exploited a year-old vulnerability in Log4j (known as Log4Shell) to compromise VMware Horizon servers. This vulnerability is a remote code execution vulnerability that allows an attacker to compromise a victim’s system before deploying malware.

Lazarus was noted for using malware VSingle and YamaBot to spy on and covertly access affected systems. However, Cisco Talos also claims that Lazarus has a previously unknown remote access called his MagicRAT. I also discovered that

“The primary goal of these attacks was to establish long-term access to the victim’s network and conduct espionage activities in support of the North Korean government’s objectives,” Cisco Talos researchers said in the report. I’m here. “This activity is consistent with past Lazarus intrusions to target critical infrastructure and energy companies to establish long-term access to siphon off their own intellectual property. ”

TechCrunch reported that the Lazarus group is financially motivated and is best known for hacking Sony in 2016. The group also claimed responsibility for the 2017 WannaCry ransomware attack. Additionally, it is associated with the theft of $100 million in crypto assets from Harmony’s Horizon Bridge. He also had $625 million in cryptocurrency stolen from the Ronin Network, a sidechain used in the game Axie Infinity.

read more: Canadian CIO Forum Considers Establishing National Cybersecurity Standards

Canada appears to be working towards a more unified cybersecurity frontier. In late August, the CIO Strategic Council announced it was drafting national professional standards for cybersecurity staff in organizations. The forums are soliciting additional input and feedback from industry stakeholders on the draft.

State-sponsored hackers exploit Log4Shell vulnerability to attack energy providers

Source link State-sponsored hackers exploit Log4Shell vulnerability to attack energy providers

Related Articles

Back to top button