Lazarus deploys three new malwares in a new campaign

Cisco Talos researchers have discovered a new operation attributed to the North Korean APT Lazarus, which they have named Operation Blacksmith.

APT Sandman uses KEYPLUG as a backdoor

The Sandman APT has been found to be linked to Chinese threat actors and is using the KEYPLUG backdoor, specifically the STORM-0866/Red Dev 40 cluster. The LuaDream malware and the KEYPLUG backdoor were found to coexist on the victims' systems. The implementation of LuaDream and KEYPLUG suggests very similar development practices and that both have similar. Sandman and STORM-0866/Red Dev 40 also engage in similar infrastructure control and management practices, such as the choice of hosting providers or the set of rules used for naming domains. Both PwC and Microsoft highlighted this connection during the recent LABScon 2023 cybersecurity conference.

New Process Injection Techniques Undetectable by EDR Solutions

Security researchers at SafeBreach have discovered 8 new process injection techniques that exploit Windows thread pools to trigger the execution of malicious code as a result of legitimate actions. These injection variants have been named Pool Party; they operate in all processes, without limitations, and are not detected by leading endpoint detection and response (EDR) solutions. In its tests, SafeBreach achieved a 100% success rate, as none of the EDRs were able to detect or prevent the Pool Party attacks.