Early 2021, Kaspersky’s researchers, upon further analysis into the already reported CVE-2021-1732 exploit used by the BITTER APT group, have managed to discover another zero-day exploit. The experts are currently unable to link this exploit to any known threat actor.
A zero-day vulnerability is basically an unknown software bug. Upon identification and discovery, they allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences. While analyzing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.
Lazarus, advanced persistent threat group, targets the defense industry ilonggotechblog.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from ilonggotechblog.com Daily Mail and Mail on Sunday newspapers.
Kaspersky researchers first became aware of this campaign when they were called in to assist with incident response, and they discovered that the organisation had fallen victim to a custom backdoor (a type of malware that allows complete remote control over the device).
Dubbed ThreatNeedle, this backdoor moves laterally through infected networks and extracts confidential information. So far, organisations in more than a dozen countries have been affected.
Advertisement
Initial infection occurs through spear-phishing; targets receive emails that contain either a malicious Word attachment or a link to one hosted on company servers. Oftentimes, the emails claimed to have urgent updates related to the pandemic and came, supposedly, from a respected medical center.