
But as analysts and investigators began picking apart WannaCry for forensic clues - the digital equivalent of dusting for prints - a cybersecurity researcher at Google named Neel Mehta found something in an older version of the virus.

It was just a few lines of code, but it has appeared only in one other known place: hacking tools created by the Lazarus Group.

The connection to the Lazarus Group so far is only tentative, researchers caution, suggesting that it’s possible the code was inserted as a “false flag” to throw off investigators. Officials in Europe and the U.S., still in the beginning stages of their investigations, have not named the Lazarus Group or North Korea as a suspect.

But “with a group like Lazarus, where we have a long history,” said Eric Chien, a technical director at the Mountain View, Calif.-based Internet security firm Symantec, “I would suspect that within a couple of weeks we should be able to rule them in or rule them out.”

Within the world of cybercrime, the Sony attack was highly unusual. The hackers struck as the studio was about to release “The Interview,” a Seth Rogen and James Franco comedy whose plot centers on a plan to assassinate North Korea’s leader, Kim Jong Un. Hackers calling themselves “Guardians of Peace” launched a multi-pronged assault on Sony, destroying company files, demanding ransom, publishing embarrassing emails and salary information online, and leaking unreleased films. The U.S. government blamed North Korea, and the Guardians of Peace disappeared.

Later, the “Operation Blockbuster” coalition began to examine data from the attack published by the U.S. What it found surprised the coalition: The Sony hack was far from being a one-off attack. “We saw things dating back years and years and years,” said Peter LaMontagne, the former chief executive of Novetta, the American firm that led the coalition.

Just as scientists examining DNA look for a creature’s ancestors, the researchers linked code and processes used by the Sony hackers to a string of earlier attacks.

A 2009 distributed denial-of-service attack on American and South Korean websites. A 2011 attack that tried to shut down South Korean network broadcast companies and banks. A 2012 attack on a right-wing South Korean newspaper.

The attackers seemed to be well resourced, clever and dogged, coming back again and again. That’s how researchers came up with “Lazarus Group,” an allusion to the biblical figure who rises from the dead.

“We came up with that name because we kept seeing unique chunks of code appearing/reappearing in new malware strains,” former Novetta technical director Andre Ludwig wrote in an email. He called it “one of the driving factors that enabled us to identify so many families of malware and make hard technical links between them all.”

The backwaters of the Internet are filled with agitators, spies and fraudsters. The most high-profile attacks of the last year have apparently involved Russia, which was accused of hacking Democrats and publishing their emails to sway the presidential election toward Donald Trump.

But the Lazarus hackers have stood out not for doing one thing, but for doing everything. “We tend to see cyber groups falling into categories and staying in their lanes,” LaMontagne said. “You have hacktivists who have sort of a political agenda, and everything they do is geared to messaging. You have folks that are very focused on making money…. Then, thirdly, we have pure foreign intelligence cyber espionage.” With the Sony hack, for example, LaMontagne said, Lazarus was “delving into all three.” And the group’s ambition seems unbounded.

“The scale of Lazarus operations is shocking,” the Russia-based cybersecurity firm Kaspersky Lab said in a report on the Lazarus Group’s activities, likening its production to “a factory of malware.” “All this level of sophistication is something that is not generally found in the cybercriminal world. It’s something that requires strict organization and control at all stages of the operation.”

After the Novetta report came out in early 2016, the hackers remained busy and trackable. “Lazarus Group has been active constantly,” said Chien of Symantec.
