It has been reported that the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. According to the MAR AR19-100A advisory published on the US-CERT website, the new Trojan was detected while tracking the malicious cyber activity of the North Korean-backed hacking group HIDDEN COBRA (also known as Lazarus, Guardians of Peace, ZINC, and NICKEL ACADEMY).
Satnam Narang, Senior Research Engineer at Tenable: “This is the 16th report compiled by the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) over the last two years on malicious activity associated with HIDDEN COBRA (also known as Lazarus Group), a threat actor that has been linked to the North Korean government. This particular Malware Analysis Report (MAR) highlights a new Trojan, dubbed HOPLIGHT, which primarily consists of proxy applications used by HIDDEN COBRA to disguise its efforts to “phone home,” which is the traffic sent by the malware back to its command and control (C&C) server. The continued analysis and reporting by these agencies helps provide organisations and companies key indicators of compromise to identify infected systems and affected organisations as well as guidance to thwart attempts by HIDDEN COBRA to infiltrate more organisations.”
“Unfortunately in today’s cypher-physical systems, a cybersecurity risk is a safety risk. With the current generation of operational technology systems, an unmitigated cybersecurity issue is an unmitigated safety issue.”
“Where possible, designers should use orthogonal safety controls such as mechanical pressure relief values or mechanical governors, that have zero coincidence with the control systems and therefore cannot be affected by them. Today’s operational technology implementations should focus on managing the consequences of a cybersecurity attack through layered protections and mitigations using non-cybersecurity engineering controls. This should be done with a focus on providing operational resiliency to the process and overall operations.”
“As a cybersecurity strategy defenders should be focusing on two primary strategic objectives. First, raising the cost to the threat actors through a layered defensive model and non-cybersecurity consequences. Second, lowering the payoff to the threat actor by reducing the consequences and impact to the defenders of any successful attack. The recent attacks on SIS environments demonstrates there’s an unmet need to focus on the second.”
“It’s no surprise that bad actors will take steps to maintain access to compromised systems, and place effort into covering their tracks. Their degree of success depends upon their skill set, and often the cybercriminals focused on critical infrastructure are more sophisticated. In the case of Triton being used against critical infrastructure, the attackers focused on after-hours activity for reconnaissance and lateral movement. Critical infrastructure organizations, which are high-value targets, must be implementing network traffic analysis technologies to provide 7 x 24 proactive monitoring. Applying security analytics to every network conversation allows organizations to use technology to uncover low and slow data theft, credential misuse, and behavioral anomalies. Monitoring network traffic is an important complement to antivirus and other end-user device security technologies. Hackers are getting better at hiding their tracks as it pertains to antivirus, however their activities will always generate network traffic that can be used to identify their presence.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.