Lazarus Group rises again from the digital grave with Hoplight malware for all

www.theregister.co.uk | 4/6/2019 | Staff
kshama-s (Posted by) Level 3

The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it.

This is according to a report from US-Cert, which says that the group (also known as "Hidden Cobra") has a new piece of spyware capable of securely connecting to a control server and uploading pilfered files from infected machines.

Known as "Hoplight," the malware is a collection of nine files, though most of those are designed to work as obfuscation layers to keep admins and security software from spotting the attack.

"Seven of these files are proxy applications that mask traffic between the malware and the remote operators," US-Cert said in its write-up of the new Nork nasty.

"The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors."

Below those seven proxy layers, Hoplight uses its valid SSL...
(Excerpt) Read more at: www.theregister.co.uk