Batu69 Posted February 26, 2016

Oooohhh, things are about to get really interesting in the cyber-security world. Kaspersky Lab has just declared war on the infamous hacking collective Lazarus Group, and it’s bringing its friends to the fight.

Together with Novetta and "other industry partners", Kaspersky Lab has announced the formation of Operation Blockbuster, targeted at disrupting the activity of the Lazarus Group. For those unfamiliar with the name, Lazarus Group is believed to be responsible for the 2014 attack on Sony Pictures Entertainment, as well as the 2013 Operation DarkSeoul, which targeted media and financial institutions.

Kaspersky Lab, Novetta and AlienVault have analyzed samples of malware spotted in different incidents and have managed to link a number of high-profile attacks to the group. Prior to the revelation, those attacks were attributed to an "unknown attacker".

The security researchers said they found a couple of interesting things that linked various attacks to the same group. First, it was discovered that they were recycling code, borrowing fragments from one malicious program to use in another. They also spotted similarities in the way the group works: the droppers (files used to install malware) all kept their payloads within a password-protected ZIP archive.

"The password protection was implemented in order to prevent automated systems from extracting and analyzing the payload, but in reality it just helped researchers to identify the group".

Eventually, tens of different targeted attacks were linked to a single actor. The group says the first attack might have occurred in 2009, five years before the Sony incident. It seems the group is working in the GMT+8 and GMT+9 time zones.

"As we predicted, the number of wiper attacks grows steadily. This kind of malware proves to be a highly effective type of cyber-weapon. The power to wipe thousands of computers at the push of a button represents a significant bounty to a Computer Network Exploitation team tasked with disinformation and the disruption of a target enterprise. Its value as part of hybrid warfare, where wiper attacks are coupled with kinetic attacks to paralyse a country’s infrastructure remains an interesting thought experiment closer to reality than we can be comfortable with. Together with our industry partners, we are proud to put a dent in the operations of an unscrupulous actor willing to leverage these devastating techniques", said Juan Guerrero, senior security researcher at Kaspersky Lab.

"This actor has the necessary skills and determination to perform cyber-espionage operations with the purpose of stealing data or causing damage. Combining that with the use of disinformation and deception techniques, the attackers have been able to successfully launch several operations over the last few years", said Jaime Blasco, chief scientist, AlienVault. "Operation Blockbuster is an example of how industry-wide information sharing and collaboration can set the bar higher and prevent this actor from continuing its operations".

"Through Operation Blockbuster, Novetta, Kaspersky Lab and our partners have continued efforts to establish a methodology for disrupting the operations of globally significant attack groups and attempting to mitigate their efforts to inflict further harm", said Andre Ludwig, senior technical director, Novetta Threat Research and Interdiction Group. "The level of in-depth technical analysis conducted in Operation Blockbuster is rare, and sharing our findings with industry partners so we all benefit from increased understanding is even rarer".
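
The dropper trait described in the post above (a payload kept in a password-protected ZIP archive inside another file) can be triaged statically. The sketch below is an added example, not code from the article or from the researchers' tooling: it scans any byte blob for ZIP local file headers and reports whether the encryption bit is set. The function names and both sample blobs are constructed for illustration, and nothing here assumes where in a real dropper the archive sits.

```python
import io
import struct
import zipfile

LFH_SIG = b"PK\x03\x04"        # ZIP local file header signature
LFH_FMT = "<4sHHHHHIIIHH"      # fixed 30-byte part of the local file header
LFH_LEN = struct.calcsize(LFH_FMT)
FLAG_ENCRYPTED = 0x0001        # general-purpose flag bit 0: entry is encrypted
KNOWN_METHODS = {0, 8, 12, 14, 99}  # stored, deflate, bzip2, LZMA, WinZip AES

def find_embedded_zip_entries(blob):
    """Return (offset, name, encrypted) for each plausible local file header."""
    hits = []
    pos = blob.find(LFH_SIG)
    while pos != -1:
        header = blob[pos:pos + LFH_LEN]
        if len(header) == LFH_LEN:
            (_, version, flags, method, _, _, _, _, _,
             name_len, _) = struct.unpack(LFH_FMT, header)
            name = blob[pos + LFH_LEN:pos + LFH_LEN + name_len]
            # Sanity checks cut false positives from stray "PK\x03\x04" bytes.
            if (version <= 63 and method in KNOWN_METHODS
                    and 0 < name_len == len(name)):
                hits.append((pos, name.decode("cp437"),
                             bool(flags & FLAG_ENCRYPTED)))
        pos = blob.find(LFH_SIG, pos + 1)
    return hits

def needs_manual_review(blob):
    """True when a non-ZIP file carries an encrypted ZIP entry inside it."""
    return (not blob.startswith(LFH_SIG)
            and any(enc for _, _, enc in find_embedded_zip_entries(blob)))

def constructed_samples():
    """Two constructed blobs: a fake 64-byte 'MZ' stub plus one ZIP entry."""
    stub = b"MZ" + b"\x00" * 62
    # Hand-built header with the encryption bit set (zipfile cannot write one).
    enc = struct.pack(LFH_FMT, LFH_SIG, 20, FLAG_ENCRYPTED, 0, 0, 0, 0,
                      16, 16, 11, 0)
    enc += b"payload.bin" + b"\xAA" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain")
    return stub + enc, stub + buf.getvalue()

if __name__ == "__main__":
    for sample in constructed_samples():
        print(needs_manual_review(sample), find_embedded_zip_entries(sample))
```

An encrypted entry inside an executable is only a reason to queue the file for an analyst; legitimate installers and self-extracting archives can match as well.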

knowledge-Spammer Posted February 26, 2016

Russians vs Lazarus hacking group, very interesting

http://www.wnyc.org/story/kaspersky-lab-a-cybersecurity-leader-with-ties-to-russian-govt/

edwardecl Posted February 26, 2016

Unless the hacking group is really intelligent and is using signatures of other hacking groups (hacking already hacked machines) and purposefully routing their data through a different location and using timestamps from that location instead of where they actually are.

It's quite obvious if you are hacking high profile targets you do it via another hacked computer accessed from a hacked public network behind a proxy server over a VPN in a country where investigating it will be a pain. If you go through enough networks how the hell are they ever going to find you?

knowledge-Spammer Posted February 26, 2016

39 minutes ago, edwardecl said:
Unless the hacking group is really intelligent and is using signatures of other hacking groups (hacking already hacked machines) and purposefully routing their data through a different location and using timestamps from that location instead of where they actually are. It's quite obvious if you are hacking high profile targets you do it via another hacked computer accessed from a hacked public network behind a proxy server over a VPN in a country where investigating it will be a pain. If you go through enough networks how the hell are they ever going to find you?

Kaspersky, they are the best in reverse engineering, so I am sure they will think of something.

straycat19 Posted February 26, 2016

Quote:
if you go through enough networks how the hell are they ever going to find you.

It isn't easy but it can be done. And hackers who reuse code make it that much easier to track them. With the amount of influence that can be brought to bear on ISPs, VPNs, and other relay nodes (e.g. TOR), and the sophisticated friendly malware that law enforcement has access to, there isn't much a person can do to hide unless they never access the internet at all. As CWA found out, when you bring attention to yourself or group, it isn't that difficult to track them down.

steven36 Posted February 26, 2016

Same hackers were said to be the group who hacked Sony. I would not be shocked if they were not the ones who hacked Kaspersky. It shows how paranoid countries are, and all the fake news about state sponsored hackers when companies get hacked, to come to find out the suspects aren't from any known government at all.

lordi Posted February 29, 2016

If they dare to crush Sony like that, they should have the necessary skills. Let's see what happens next.

This topic is now archived and is closed to further replies.