{"id":1944,"date":"2017-05-17T16:24:33","date_gmt":"2017-05-17T19:24:33","guid":{"rendered":"https:\/\/www.nachodelatorre.com.ar\/mosconi\/?p=1944"},"modified":"2017-05-17T16:24:33","modified_gmt":"2017-05-17T19:24:33","slug":"reporte-de-amenazas-de-kaspersky-lab","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=1944","title":{"rendered":"Kaspersky Lab threat report"},"content":{"rendered":"<p>According to the experts from Kaspersky Lab, the infamous\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/57226\/cyber-crime\/symantec-lazarus-apt-banks.html\">Lazarus APT<\/a>\u00a0group, aka BlueNoroff, is the most dangerous threat\u00a0against\u00a0financial institutions worldwide.<\/p>\n<p>The activity of the Lazarus Group surged in 2014 and 2015; its members used mostly custom-tailored malware in their attacks, and the experts who investigated the crew consider it highly sophisticated.<\/p>\n<p>This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed at destroying data and disrupting systems.<\/p>\n<p><img loading=\"lazy\" class=\"attachment-st_normal_thumb  wp-post-image alignright\" src=\"http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport-642x336.png\" alt=\"\" width=\"420\" height=\"220\" \/>Experts at Symantec collected evidence demonstrating that the Lazarus APT group was behind the campaign that leveraged \u201cloader\u201d software used to stage attacks by installing other malicious programs.<\/p>\n<p>Both the US and South Korean governments are blaming Pyongyang for the attacks, but the\u00a0North Korean government has denied allegations that it was behind the hacks.<\/p>\n<p>The\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56511\/cyber-crime\/lazarus-malware-false-flag.html\">Lazarus APT<\/a>\u00a0has been associated with numerous cyber attacks against\u00a0high-profile 
targets, including the 2014\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/47320\/cyber-crime\/sony-pictures-malware.html\">Sony Pictures<\/a>\u00a0hack, the\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/57396\/cyber-crime\/bangladesh-cyber-heist.html\">Bangladesh cyberheist at the New York Federal Reserve Bank<\/a>\u00a0and the recent attack against\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/57226\/cyber-crime\/symantec-lazarus-apt-banks.html\">banks in Poland<\/a>.<\/p>\n<p>According to Kaspersky Lab, the hacking campaign against banks worldwide is still ongoing; the experts recently detected new malware samples linked to the group\u2019s activity.<\/p>\n<p>Below are the findings of an\u00a0<a href=\"https:\/\/securelist.com\/analysis\/quarterly-malware-reports\/78169\/apt-trends-report-q1-2017\/\">APT trends report<\/a>\u00a0recently published by Kaspersky Lab:<\/p>\n<ul>\n<li><em>We believe BlueNoroff is one of the most active groups in terms of attacks against financial institutions and is trying to actively infect different victims in several regions.<\/em><\/li>\n<li><em>We think their operations are still ongoing, and in fact, their most recent malware samples were found in March 2017.<\/em><\/li>\n<li><em>At the moment we believe BlueNoroff is probably the most serious threat against banks.<\/em><\/li>\n<\/ul>\n<p><img loading=\"lazy\" class=\" wp-image-24524  alignright\" src=\"http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport.png\" sizes=\"(max-width: 1600px) 100vw, 1600px\" srcset=\"http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport.png 1600w, http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport-300x241.png 300w, http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport-768x616.png 768w, http:\/\/www.cyberdefensemagazine.com\/wp-content\/uploads\/2017\/05\/kreport-1024x822.png 1024w\" alt=\"\" width=\"414\" height=\"332\" 
\/><\/p>\n<p>Kaspersky is currently monitoring the activities of more than\u00a0100 threat actors, APT groups and financially motivated cybercrime gangs that are targeting almost any industry across over 80 countries.<\/p>\n<p>Other APT groups tracked by Kaspersky that were most active in the first quarter of 2017 were\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56672\/intelligence\/shamoon-2-malware-c2.html\">Shamoon<\/a>\u00a0and\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56929\/cyber-crime\/stonedrill-wiper-shamoon.html\">StoneDrill<\/a>\u00a0APTs. According to the researchers, the groups are distinct, but they are likely working together to compromise Saudi targets with highly sophisticated wiper malware.<\/p>\n<p>The experts linked the\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56929\/cyber-crime\/stonedrill-wiper-shamoon.html\">StoneDrill<\/a>\u00a0malware to\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/55235\/cyber-crime\/shamoon-2-virtualizations.html\">Shamoon 2<\/a>\u00a0attacks and the\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56348\/hacking\/magic-hound-campaign.html\">Charming Kitten<\/a>\u00a0campaign (aka\u00a0<a href=\"http:\/\/securityaffairs.co\/wordpress\/56348\/hacking\/magic-hound-campaign.html\">Newscaster<\/a>\u00a0and\u00a0<a href=\"http:\/\/resources.infosecinstitute.com\/past-present-iran-linked-cyber-espionage-operations\/\">NewsBeef<\/a>).<\/p>\n<p>The malware was used by threat actors against entities in Saudi Arabia and at least one organization in Europe.<\/p>\n<p>The experts discovered many similarities between malware styles and malware components in Shamoon, StoneDrill, and NewsBeef.<\/p>\n<p>Malware researchers highlighted that APT groups rely on generic tools in their attacks, making attribution of the attacks harder.<\/p>\n<p><em>\u201cRather than creating and having their own tools, these use generic tools that are 
good enough to complete an operation, and provide an evident economic advantage, with the added value of making both analysis of the incident and attribution to a particular actor more difficult,\u201d states the report.<\/em><\/p>\n<p><em>\u201cNowadays there is a large number of different frameworks providing cyber-actors with many options, especially for lateral movement. This category includes Nishang, Empire, Powercat,\u00a0<\/em><a href=\"http:\/\/securityaffairs.co\/wordpress\/56110\/cyber-crime\/fileless-malware-campaign.html\"><em>Meterpreter<\/em><\/a><em>, etc. Interestingly, most of these are based on Powershell, and allow the use of fileless backdoors.\u201d<\/em><\/p>\n<p><strong>Source:<\/strong> <em><a href=\"http:\/\/www.cyberdefensemagazine.com\/kaspersky-lab-apt-trends-report-q1-2017-from-lazarus-apt-to-stonedrill\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.cyberdefensemagazine.com<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the experts from Kaspersky Lab, the infamous\u00a0Lazarus APT\u00a0group, aka BlueNoroff, is the most dangerous threat\u00a0against\u00a0financial institutions worldwide. 
The activity of the Lazarus Group surged&hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[23,29],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/1944"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1944"}],"version-history":[{"count":0,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/1944\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}