A previously unknown backdoor, dubbed Vyveva, was detected in an attack against a South African freight and logistics company, ESET reported on Thursday. While the initial attack vector used to deliver the malware is unknown, examination of infected machines revealed strong links to the Lazarus group.
Lazarus is a North Korea-based advanced persistent threat (APT) group. The global WannaCry ransomware outbreak, an $80 million Bangladesh bank heist, attacks against South Korean supply chains, cryptocurrency theft, the 2014 Sony hack, and earlier attacks against US organizations have all been blamed on the state-sponsored group.

Vyveva is one of the most recently discovered Lazarus tools. The backdoor was found in June 2020, but it may have been in use since at least 2018. It can exfiltrate files, collect information about infected machines and their drives, connect to a command-and-control (C2) server, and execute arbitrary code. Its network traffic is disguised as TLS ("fake TLS"), it has a component for reaching its C2 over the Tor network, and it uses command-line execution chains previously seen in Lazarus operations. It also shares code with Manuscrypt/NukeSped, an older Lazarus malware family.

Vyveva includes a "timestomping" option that copies a file's creation, write and access times from a "donor" file, so that files the implant drops or modifies do not stand out by their timestamps. It also has a selective file-copy feature: the ability to filter by extension and collect only specific types of content, such as Microsoft Office documents, for exfiltration.

Through watchdog modules, the backdoor contacts its C2 every three minutes, sending its operators a stream of data that includes drive connection and disconnection events, the number of active sessions, and logged-in users, all of which point to cyberespionage. The shared codebase allowed the researchers to attribute Vyveva to Lazarus with "high confidence".
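The timestomping and extension-filtered collection described above, as an added example in Python (not code from the page, from ESET, or from Vyveva itself): timestomp() copies a donor file's access and modification times onto a target with os.utime, select_by_extension() keeps only Office-type files from a directory tree, and stomped_candidates() shows the trace that such copying leaves on file systems where the inode change time cannot be set from user space. The extension list, file names and file contents are constructed for the demonstration, and the Office list is only one plausible filter, not the one the malware uses.

```python
"""Timestomping and extension-filtered collection, with a defender's check.

Added example; not code from the page or from ESET/Vyveva. Standard library
only; everything is written into a temporary directory that is removed again.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

# Constructed filter: the page names "Microsoft Office files" only as an example.
OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}


def select_by_extension(root, keep=OFFICE_EXTENSIONS):
    """Return relative paths under `root` whose suffix is in `keep` (case-insensitive)."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in keep
    )


def timestomp(target, donor):
    """Copy the donor's access and modification times onto the target.

    os.utime() sets atime and mtime only. On Linux/macOS the inode change
    time (ctime) is bumped to "now" by the kernel and cannot be set from user
    space; on Windows st_ctime reports the creation time, which a fresh
    write also leaves at "now". Either way the copy leaves a gap between
    mtime and ctime that stomped_candidates() looks for. The page also
    mentions creation time; this model does not cover setting that field.
    """
    st = os.stat(donor)
    os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))


def stomped_candidates(root, skew_seconds=60):
    """Flag files whose mtime predates their ctime by more than `skew_seconds`.

    A normal write leaves mtime and ctime within the same second; a large gap
    means the content timestamp was set explicitly after the last change.
    """
    root = Path(root)
    hits = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        st = p.stat()
        if st.st_ctime - st.st_mtime > skew_seconds:
            hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def demo():
    """Build a constructed tree, stomp one file, and return what each routine reports."""
    root = Path(tempfile.mkdtemp(prefix="vyveva_demo_"))
    try:
        (root / "notes.txt").write_text("plain text, not collected\n")
        (root / "q1.xlsx").write_bytes(b"PK\x03\x04 constructed office file")
        (root / "sub").mkdir()
        (root / "sub" / "memo.DOCX").write_bytes(b"PK\x03\x04 constructed office file")

        # Donor backdated by a year (constructed). Backdating is itself a
        # timestomp, so the donor shows the same mtime/ctime gap as the implant.
        donor = root / "donor.dll"
        donor.write_bytes(b"MZ constructed donor")
        old_ns = time.time_ns() - 365 * 24 * 3600 * 10**9
        os.utime(donor, ns=(old_ns, old_ns))

        implant = root / "sub" / "implant.bin"
        implant.write_bytes(b"constructed implant payload")
        timestomp(implant, donor)

        return {
            "collected": select_by_extension(root),
            "flagged": stomped_candidates(root),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On NTFS the stronger check is to compare the $STANDARD_INFORMATION timestamps (which user-space timestomping rewrites) against the $FILE_NAME timestamps in the MFT record (which it normally does not); that needs a raw MFT parser and is not attempted here.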
In February, the US Department of Justice (DoJ) indicted two alleged North Korean hackers and expanded the charges against a third for his involvement in Lazarus.