Fyself News
Lazarus hits six Korean companies via Cross EX, Innorix flaws, ThreatNeedle malware


April 24, 2025Ravi LakshmananMalware/Threat Intelligence

Cross Ex, Innorix Zero-Day

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign called Operation SyncHole.

The activity targeted South Korea's software, IT, financial, semiconductor manufacturing and telecommunications industries, according to a Kaspersky report published today. The earliest evidence of compromise was detected in November 2024.

The campaign included “a sophisticated combination of watering hole strategies and vulnerability exploitation within Korean software.” “A one-day vulnerability in the Innorix Agent was also used for lateral movement.”

The attacks have been observed to pave the way for variants of known Lazarus tools such as ThreatNeedle, Agamemnon, wAgent, SIGNBT, and COPPERHEDGE.


What makes these intrusions particularly effective is the likely exploitation of security vulnerabilities in Cross EX, a legitimate software product that is widespread in South Korea.

“The Lazarus Group has a strong grasp of these details and uses a strategy targeting South Korea, combining vulnerabilities in such software with watering hole attacks,” the Russian cybersecurity vendor said.

The exploitation of security flaws in the Innorix Agent for lateral movement is notable because similar approaches have been adopted in the past by Andariel, a sub-cluster of the Lazarus Group, to deliver malware such as Volgmer and Andardoor.

The starting point for the latest wave of attacks was a watering hole attack that triggered the deployment of ThreatNeedle after targets visited various South Korean online media sites. Visitors landing on the site are filtered using server-side scripts before being redirected to an adversary-controlled domain that serves the malware.

“We assess with moderate confidence that the redirected site ran malicious scripts targeting a potential flaw in Cross EX installed on the target PC and launched malware,” the researchers said. “The script then eventually ran the legitimate SyncHost.exe and injected shellcode that loads a ThreatNeedle variant into the process.”
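The SyncHost.exe injection step the researchers describe is where endpoint telemetry offers a detection opportunity. The following is an added example, not code from Kaspersky or from this article, that flags that step in Sysmon-style process events; it assumes events arrive as one JSON object per line with Sysmon field names, that svchost.exe is the only expected parent of SyncHost.exe on the baseline host, and that every path other than SyncHost.exe and svchost.exe is a constructed placeholder.

```python
"""Added detection example (not Kaspersky's or the article's own code).

Two rules over Sysmon-style events: SyncHost.exe started by an unexpected
parent, and a foreign process creating a thread inside SyncHost.exe.
Sysmon event IDs used: 1 = ProcessCreate, 8 = CreateRemoteThread.
"""
import json

# Assumed baseline: SyncHost.exe is normally started only by svchost.exe.
EXPECTED_PARENTS = {"svchost.exe"}

# Constructed sample log lines (not real telemetry); "placeholder" paths are
# made up for the example. Line 2 and line 3 should be flagged, 1 and 4 not.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 1000, "Image": "C:\\Windows\\System32\\SyncHost.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 1, "ProcessId": 1001, "Image": "C:\\Windows\\System32\\SyncHost.exe", "ParentImage": "C:\\placeholder\\unexpected-parent.exe"}
{"EventID": 8, "SourceProcessId": 1002, "SourceImage": "C:\\placeholder\\injector.exe", "TargetProcessId": 1001, "TargetImage": "C:\\Windows\\System32\\SyncHost.exe"}
{"EventID": 8, "SourceProcessId": 1000, "SourceImage": "C:\\Windows\\System32\\SyncHost.exe", "TargetProcessId": 1000, "TargetImage": "C:\\Windows\\System32\\SyncHost.exe"}
""".strip()


def basename(path):
    """Case-insensitive file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(log_text):
    """One JSON object per non-empty line -> list of dicts."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def detect_synchost_abuse(events):
    """Return (rule, detail, pid) tuples for events matching either rule."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 1 and basename(ev["Image"]) == "synchost.exe":
            parent = basename(ev["ParentImage"])
            if parent not in EXPECTED_PARENTS:
                alerts.append(("synchost-unexpected-parent", parent, ev["ProcessId"]))
        elif ev["EventID"] == 8 and basename(ev["TargetImage"]) == "synchost.exe":
            # A thread created in SyncHost.exe by another process is the
            # injection pattern; a thread it creates in itself is not.
            if ev["SourceProcessId"] != ev["TargetProcessId"]:
                alerts.append(("synchost-remote-thread",
                               basename(ev["SourceImage"]), ev["TargetProcessId"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_synchost_abuse(parse_events(SAMPLE_LOG)):
        print(*alert)
```

In a real deployment the parent baseline should be derived from the fleet's own telemetry rather than hard-coded, since the expected parent can differ across Windows builds.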

The infection sequences have been observed to proceed in two phases: ThreatNeedle and wAgent in the early stages, followed by SIGNBT and COPPERHEDGE to establish persistence, conduct reconnaissance, and deliver credential-dumping tools to the compromised hosts.

They have also deployed malware families such as LPEClient for victim profiling and payload delivery, as well as a downloader called Agamemnon for fetching and running additional payloads received from command-and-control (C2) servers, while also incorporating a means to bypass security solutions running on the host.


One of the payloads downloaded by Agamemnon is a tool designed to perform lateral movement by exploiting security flaws in the Innorix Agent file transfer tool. Kaspersky said its investigation also unearthed an additional file that exploited a zero-day vulnerability in the Innorix Agent, which has since been patched by the developer.

“The Lazarus Group’s specialized attacks targeting South Korean supply chains are expected to continue in the future,” Kaspersky said.

“Attackers are also trying to minimize detection by developing new malware and enhancing existing malware. In particular, they have extended the way C2 communication works, the command structure, and how data is sent and received.”

© 2025 news.fyself. Designed by fyself.