Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart.

“The attacker employed the Log4j vulnerability on VMware Horizon solutions that were not applied with the security patch,” AhnLab Security Emergency Response Center (ASEC) said in a new report.

The intrusions are said to have been first discovered in April, although a number of threat actors, including those aligned with China and Iran, have employed the same tactic to further their objectives over the past few months.

NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle.

The backdoor's key features range from capturing keystrokes and taking screenshots to accessing the device’s webcam and dropping additional payloads such as information stealers.

The stealer malware, a console-based utility, is designed to exfiltrate accounts and passwords saved in web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale, as well as information about email accounts and recently opened Microsoft Office and Hancom documents.

“The attacker collected additional information by using backdoor malware NukeSped to send command line commands,” the researchers said. “The collected information can be used later in lateral movement attacks.”

Some parts of this article are sourced from:
thehackernews.com
