The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it.
This according to a report from US-Cert, which says that the group (also known as "Hidden Cobra") has a new piece of spyware capable of securely connecting to a control server and uploading pilfered files from infected machines.
Known as "Hoplight," the malware is a collection of nine files, though most of those are designed to work as obfuscation layers to keep admins and security software from spotting the attack.
"Seven of these files are proxy applications that mask traffic between the malware and the remote operators," US-Cert said in its write-up of the new Nork nasty.
"The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors."
Below those seven proxy layers, Hoplight uses its valid SSL...