Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Lazarus Targets Software Vendor

October 30, 2023
Reading Time: 7 mins read
in Incidents

The North Korean Lazarus hacking group has carried out a series of persistent breaches on a software vendor, repeatedly exploiting vulnerabilities in the vendor’s software. The attacks, which Kaspersky discovered in July 2023, targeted a software vendor and continued between March and August 2023.

Furthermore, this breach highlights Lazarus’s unwavering commitment to their likely objectives of stealing valuable source code and tampering with the software supply chain. These attacks involved the use of SIGNBT malware and a sophisticated infection chain, underscoring the group’s determination and sophisticated tactics.

The report reveals that Lazarus focused on exploiting vulnerabilities in security software used for web communications encryption. Although the exact exploitation method remains unknown, the attacks resulted in the deployment of SIGNBT malware and the injection of shellcode into memory to ensure stealthy execution. Persistence was established by adding a malicious DLL to startup or through Windows Registry modifications, allowing the malware to decrypt and load the SIGNBT payload from a local filesystem path. SIGNBT received its name from the distinct strings it uses for command and control (C2) communications, enabling the exchange of information about the compromised system and executing commands.

The SIGNBT malware supports various commands, such as system information gathering, process management, file system operations, and more. The malware can also fetch additional payloads from the C2, granting Lazarus operational versatility.

Additionally, Lazarus leveraged SIGNBT to load credential dumping tools and the LPEClient malware on compromised systems. LPEClient serves as an info-stealer and loader, demonstrating significant evolution compared to earlier versions and using advanced techniques to improve stealth and avoid detection. These actions by the Lazarus group emphasize the need for organizations to proactively patch software and prevent vulnerabilities’ exploitation.

References:

  • A cascade of compromise: unveiling Lazarus’ new campaign
Tags: 2023BreachCyber incidentCyber Incidents 2023CyberattackCybersecurityHackersLazarusNorth KoreaVendorsVulnerabilities
ADVERTISEMENT

Related Posts

Supermarket Cyberattack Prompts Warning

China Hacker Suspected in DC Law Firm Breach

July 14, 2025
Supermarket Cyberattack Prompts Warning

nius.de Cyberattack Leaks User Data

July 14, 2025
Supermarket Cyberattack Prompts Warning

Supermarket Cyberattack Prompts Warning

July 14, 2025
Avantic Lab Affected By Ransomware

Avantic Lab Affected By Ransomware

July 11, 2025
Avantic Lab Affected By Ransomware

Microsoft’s Outlook Long Outage

July 11, 2025
Avantic Lab Affected By Ransomware

$40M+ Stolen from GMX Crypto Platform

July 11, 2025

Latest Alerts

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

Subscribe to our newsletter

    Latest Incidents

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial