Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

A North Korean threat actor known as the Lazarus Group has been spotted twice in the last year exploiting an unnamed software flaw to gain access to South Korean financial firms. The news comes from security researchers at Asec, who released an advisory about the attacks on Tuesday.

The company recorded its first attack in May 2022 and the second in October of the same year. Both operations reportedly rely on the same zero-day vulnerability.

“During the May 2022 intrusion, the affected company used a vulnerable version of a certificate program commonly used by public institutions and universities,” Asec’s advisory said.

“After the incident, they updated all their software to the latest version. However, the Lazarus group used a zero-day vulnerability in their software to carry out this intrusion.”

After discovering the flaw, Asec said it disclosed it to the Korea Internet & Security Agency (KISA).

“Because the vulnerability has not yet been fully verified and no software patch has been released, we omit the manufacturer and software from this post,” Asec wrote.

From a technical perspective, the threat actors used the Bring Your Own Vulnerable Driver (BYOVD) technique, abusing a vulnerable kernel-mode driver module shipped with the software to disable security products on infected machines.

“In addition, it runs anti-forensic techniques to hide malicious behavior by renaming files or changing timestamps before deleting files,” Asec explains.
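As an added illustration (not code from the Asec advisory), the following detection heuristic flags the rename-then-timestamp-then-delete sequence described above in file-activity telemetry; the event format and the sample events are constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sample file-activity events: (timestamp, action, path, extra).
# "extra" is the new path for a rename and the new mtime for a set_timestamp.
EVENTS = [
    ("2022-10-03T02:10:00", "create",        "C:\\Temp\\loader.dll", None),
    ("2022-10-03T02:10:05", "rename",        "C:\\Temp\\loader.dll", "C:\\Temp\\~tmp01.dat"),
    ("2022-10-03T02:10:06", "set_timestamp", "C:\\Temp\\~tmp01.dat", "2019-01-01T00:00:00"),
    ("2022-10-03T02:10:07", "delete",        "C:\\Temp\\~tmp01.dat", None),
    ("2022-10-03T09:00:00", "create",        "C:\\Users\\a\\report.docx", None),
    ("2022-10-03T09:30:00", "delete",        "C:\\Users\\a\\report.docx", None),
]


def find_anti_forensic_chains(events, window=timedelta(minutes=5)):
    """Return (final_path, [suspicious actions]) for every file whose deletion
    was preceded, within `window`, by a rename and/or a timestamp change.
    Renames are followed so the chain stays linked across name changes."""
    history = {}  # current path -> list of (time, action) seen for that object
    hits = []
    for ts, action, path, extra in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        hist = history.pop(path, [])
        hist.append((t, action))
        if action == "rename":
            history[extra] = hist          # keep tracking under the new name
        elif action == "delete":
            suspicious = {a for tt, a in hist
                          if a in ("rename", "set_timestamp") and t - tt <= window}
            if suspicious:
                hits.append((path, sorted(suspicious)))
        else:
            history[path] = hist
    return hits


if __name__ == "__main__":
    for path, actions in find_anti_forensic_chains(EVENTS):
        print(f"suspicious pre-deletion activity on {path}: {', '.join(actions)}")
```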

More generally, security researchers say the certificate software in question is commonly used in South Korea, but does not feature automatic updates.

“These types of software don’t update automatically, so you’ll need to manually patch to the latest version or remove it if you’re not using it.”

Additionally, as the same hacker group used similar methods to once again infiltrate the victimized company, Asec recommended specific guidelines for companies to defend against similar attacks.

“Not only countermeasures after an attack, but continuous monitoring is necessary to prevent recurrence.”

The Asec advisory comes a few weeks after Eset researchers linked a Wslink downloader payload named WinorDLL64 to the Lazarus Group actors.
