Crypto Firms Likely Target for 3CX Attacks

According to Kaspersky, the recently discovered North Korea-related supply chain attacks were most likely devised to target cryptocurrency companies with backdoor malware.

A sophisticated, multi-stage campaign was initially thought to be designed to drop infostealers on targeted organizations. However, the Russian AV vendor has now linked a backdoor malware called “Gopuram”, which it has been tracking since 2020, to the attack.

This confirmed that the threat group was most likely the North Korean Lazarus group, and changed the actor’s suspected end goal from cyber espionage to theft of digital currency.

“In investigating attacks on cryptocurrency companies in Southeast Asia in 2020, we found Gopuram co-existing with the AppleJeus backdoor on the same machine, which is believed to be Lazarus,” Kaspersky wrote in a blog post.

“Over the years, Gopuram infected few victims, but in March 2023, the number of infections started to increase. The increase, it turned out, was directly related to the 3CX supply chain attack.”


In the 3CX attack, the modular backdoor is delivered, like the infostealer, as a second-stage payload via DLL sideloading. It is used to perform various actions on the affected machine, including manipulating the Windows registry and services, manipulating file timestamps, and injecting payloads into processes.

According to Kaspersky, the backdoor has been deployed on fewer than 10 machines so far, indicating a highly targeted campaign specifically focused on cryptocurrency companies.

“We believe Gopuram is the primary implant and final payload in the attack chain. Investigation into the 3CX campaign is not yet complete,” Kaspersky concluded. “Continuing our analysis of the deployed implants, we will look more closely at the toolset used in the supply chain attack.”

North Korean state-sponsored hackers have targeted cryptocurrency companies for years and are suspected of stealing billions of dollars to fund the country’s nuclear weapons program.
