The alarm comes from none other than Microsoft. The infamous North Korean hacking group known as Lazarus seems engaged in a new campaign malware quite insidious.
The Redmond giant claims that, through a legitimate installer, i cybercriminali they have already affected more than a hundred victims in several countries, including Canada, the United States, Japan and Taiwan.
Apparently we are talking about software produced by the Taiwanese company CyberLink and, more specifically, of an application used in corporate contexts, which exponentially increases the danger (but also the possible advantages obtained by hackers).
The work of the cybercriminals, it seems, was of the highest level. In fact, they have effectively entered the software update system legitimate, also proposing a sort of “protection” for malware with respect to possible detection tools.
Lazarus is a name well known to security experts
In cases of this type, when even upgrading the software itself is dangerous, keep updated antivirus e operating system they can be essential moves to avoid real disasters.
The Lazarus operation seems to have the aim of stealing sensitive data and permanently accessing compromised devices, so as to be able to interact with them in the future. However, Microsoft’s warning, as is easy to imagine, was not an end in itself: Cyberlink was informed and intervened, updating their software and organizing themselves to deal with the threat effectively.
On the other hand, this operation is only the latest in a long series carried out by North Korean hackers. Lazarus, in fact, was the protagonist of the famous attack WannaCry dating back to 2017 and with substantial implications on a global level. Over the past year, the same collective has claimed massive theft regarding the blockchain network Ronin.