
South Korea Could Experience Cyber Attacks due to a Backdoor


South Korea is on the verge of experiencing an array of cyber attacks from North Korea.

VMware Horizon has become a medium that hackers such as the North Korea-backed Lazarus Group use to leverage the Log4Shell vulnerability and deploy the NukeSped (aka Manucrypt) backdoor against people in the South. It was disclosed in a report by the AhnLab Security Emergency Response Center (ASEC) on how the hackers implemented Log4S

“The attacker used the Log4j vulnerability on VMware Horizon products that were not applied to the security patch,” AhnLab Security Emergency Response Center (ASEC) said in a new report.

The intrusions are said to have been first discovered in April, although multiple threat actors, including those aligned with China and Iran, have employed the same approach to further their objectives over the past few months.

NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle.

Some of the key functions of the backdoor range from capturing keystrokes and taking screenshots to accessing the device’s webcam and dropping additional payloads such as information stealers.

The stealer malware, a console-based utility, is designed to exfiltrate accounts and passwords saved in web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale, as well as information about email accounts and recently opened Microsoft Office and Hancom files.

“The attacker collected additional information using backdoor malware NukeSped to send command line commands,” the researchers said, adding that the collected information can be used later in lateral movement attacks.

Why Target South Korea?

It was earlier reported that South Korea has joined the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). This move is most likely going to upset Russia and strain its relationship with the Asian country. It is seen as a slap not only to Russia but also to North Korea, which never supports NATO.
