New malware that exploits the INITECH Process is linked to Lazarus gang

May 6, 2022
New Malware Exploits INITECH Process Lazarus Gang North Korean Hacker

Researchers link the North Korean-sponsored Lazarus group to a new malware that targeted over 40 institutions. The recent attacks in the first months of this year revealed further details regarding the malware attacking organisations by spoofing an executable of INISAFE CrossWeb EX version 3, a security program of INITECH.

The threat actors input the malware through a DLL file into ‘inisafecrosswebexsvc[.]exe’ to bypass security detections.

 

The researchers also noticed that INITECH authentically signed the executable; therefore, the file could easily evade numerous security solutions.

 

It is coded by the threat actors as SCSKAppLink[.]dll and includes a code to access the link for spreading the malware. This recent campaign’s tricks, techniques, and procedures have made researchers think that the Lazarus APT group made the malware.

These previous months, the Lazarus group has been highly active since they consistently target different entities.

The same researchers also mentioned that the same attack was also seen in another malware campaign of Lazarus against the chemical sector. The malware attack continues the Operation Dream Job campaign, which started a couple of years ago.

Although the Lazarus group is actively deploying attacks against multiple organisations, a new threat group likely to be affiliated with the North-Korean hackers has emerged. Last year, the still unknown cybercriminal group deployed a widescale phishing attack via emails, posing as Naver, against South Korean citizens.

This year, the same unknown threat actors expanded their scope by impersonating several essential sectors and entities in South Korea.

The Lazarus group is currently the most active cybercriminal gang worldwide since it continuously spreads its scope to target various organisations and several types of entities. CISA also advised everyone about a sketchy activity that targets cryptocurrency and blockchain companies.

Since the Lazarus group executes their attacks through phishing campaigns, organisations should increase their defence against these attacks and train personnel to spot such attempts.

About the author

Leave a Reply