North Korean hackers use Windows Update and GitHub in spear phishing attack
Malwarebytes recently discovered a campaign perpetrated by the advanced persistent threat (APT) group known as Lazarus. The campaign used spear phishing attacks that included malicious documents disguised as information about job opportunities with Lockheed Martin. As part of its attack methodology, the Lazarus group uses Windows Update and GitHub to bypass security software.
Malwarebytes thoroughly breaks down the attack in technical terms. One part of the campaign uses Windows Update to bypass security detection mechanisms. Malwarebytes notes that this is a "clever" use of Windows Update.
"This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms," said Malwarebytes. "With this method, the threat actor can execute its malicious code through the Microsoft Windows Update client..."
The Lazarus group also used GitHub in its attack. Using GitHub makes it hard for security products to tell the difference between malicious and legitimate content. This is the first time that Malwarebytes has observed the group using GitHub in this way.
"Rarely do we see malware using GitHub as C2 and this is the first time we've observed Lazarus leveraging it," explained Malwarebytes. "Using GitHub as a C2 has its own drawbacks but it is a clever choice for targeted and short term attacks as it makes it harder for security products to differentiate between legitimate and malicious connections."
The Lazarus group previously used spear phishing tactics to obtain COVID-19 research. Lazarus was also connected to the well-known attack on Sony and the WannaCry ransomware attack.
Lazarus was also alleged to be involved in the theft of $400 million worth of cryptocurrency in 2022.
Source: https://www.windowscentral.com/windows-update-used-bypass-security-software-north-korean-cybercrime-group
Posted by: tranwhempos60.blogspot.com