Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution
As previously covered on the ASEC Blog, the Lazarus threat group exploits vulnerabilities in INISAFE CrossWeb EX and MagicLine4NX in its attacks.
- New Malware of Lazarus Threat Actor Group Exploiting INITECH Process (Apr 26, 2022)
- A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique (Oct 31, 2022)
While monitoring the activities of the Lazarus threat group, AhnLab Security Emergency response Center (ASEC) recently discovered that zero-day vulnerabilities in VestCert and TCO!Stream are also being exploited, in addition to the previously targeted INISAFE CrossWeb EX and MagicLine4NX.
VestCert is non-ActiveX web security software developed by Yettiesoft, and TCO!Stream is an enterprise asset management program made by MLsoft. Both solutions are widely used by Korean companies.
Since Lazarus actively seeks out and exploits new vulnerabilities in software used in Korea, it is highly recommended that businesses utilizing these software solutions …
IoC
MD5
064D696A93A3790BD3A1B8B76BAAEEF3
55F0225D58585D60D486A3CC7EB93DE5
67D306C163B38A06E98DA5711E14C5A7
747177AAD5AEF020B82C6AEABE5B174F
8ADEEB291B48C97DB1816777432D97FD
BA741FA4C7B4BB97165644C799E29C99
C09B062841E2C4D46C2E5270182D4272
E73EAB80B75887D4E8DD6DF33718E3A5
E7C9BF8BF075487A2D91E0561B86D6F5
SHA-1
3CA6ABF845F3528EDF58418E5E42A9C1788EFE7A
EC5D5941522D947ABD6C9E82E615B46628A2155F
IP
8.0.23.215
URL
http://ksmarathon.com/admin/excel2.asp
http://www.sinae.or.kr/sub01/index.asp
https://swt-keystonevalve.com/data/content/cache/cache.php?mode=read
https://www.bcdm.or.kr/board/type3_D/edit.asp
https://www.coupontreezero.com/include/bottom.asp
https://www.daehang.com/member/logout.asp
https://www.gongsilbox.com/board/bbs.asp
https://www.hmedical.co.kr/include/edit.php
https://www.materic.or.kr/files/board/equip/equip_ok.asp
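The IoC list above is only useful once it is turned into something that can be swept against local evidence. The following Python script is an added example written for this page, not code from ASEC or the post: it classifies each indicator by shape (MD5 and SHA-1 by hex length, URL by scheme, IP by parsing), builds a lookup index that also keys on the URL hosts, and runs that index over a few constructed proxy log lines and a constructed file. The proxy log format, the sample lines and the sample file bytes are assumptions made for illustration, not real telemetry.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the IoC list in the ASEC post above.
IOCS = [
    "064D696A93A3790BD3A1B8B76BAAEEF3", "3CA6ABF845F3528EDF58418E5E42A9C1788EFE7A",
    "55F0225D58585D60D486A3CC7EB93DE5", "67D306C163B38A06E98DA5711E14C5A7",
    "747177AAD5AEF020B82C6AEABE5B174F", "8.0.23.215",
    "8ADEEB291B48C97DB1816777432D97FD", "BA741FA4C7B4BB97165644C799E29C99",
    "C09B062841E2C4D46C2E5270182D4272", "E73EAB80B75887D4E8DD6DF33718E3A5",
    "E7C9BF8BF075487A2D91E0561B86D6F5", "EC5D5941522D947ABD6C9E82E615B46628A2155F",
    "http://ksmarathon.com/admin/excel2.asp",
    "http://www.sinae.or.kr/sub01/index.asp",
    "https://swt-keystonevalve.com/data/content/cache/cache.php?mode=read",
    "https://www.bcdm.or.kr/board/type3_D/edit.asp",
    "https://www.coupontreezero.com/include/bottom.asp",
    "https://www.daehang.com/member/logout.asp",
    "https://www.gongsilbox.com/board/bbs.asp",
    "https://www.hmedical.co.kr/include/edit.php",
    "https://www.materic.or.kr/files/board/equip/equip_ok.asp",
]

# Constructed proxy log lines (assumed format: time client method target status), not real data.
SAMPLE_PROXY_LOG = [
    "2023-03-07T10:12:01 10.0.0.15 GET https://www.daehang.com/member/logout.asp 200",
    "2023-03-07T10:12:05 10.0.0.15 GET https://www.example.com/index.html 200",
    "2023-03-07T10:13:44 10.0.0.22 CONNECT 8.0.23.215:443 200",
    "2023-03-07T10:14:02 10.0.0.31 GET https://www.gongsilbox.com/board/notice.asp 200",
]

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
IP_PORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$")

def classify(ioc):
    """Infer the indicator type from its shape: hash by hex length, URL by scheme, else IP."""
    if HEX_RE.match(ioc):
        return {32: "md5", 40: "sha1"}.get(len(ioc), "unknown")
    if ioc.startswith(("http://", "https://")):
        return "url"
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return "unknown"

def build_index(iocs):
    """Bucket indicators by type; hashes are lower-cased and URL hosts get their own bucket."""
    idx = {k: set() for k in ("md5", "sha1", "ip", "url", "host")}
    for ioc in iocs:
        kind = classify(ioc)
        if kind == "url":
            idx["url"].add(ioc)
            idx["host"].add(urlparse(ioc).hostname.lower())
        elif kind == "ip":
            idx["ip"].add(ioc)
        elif kind != "unknown":
            idx[kind].add(ioc.lower())
    return idx

def match_file_bytes(data, idx):
    """Hash file contents with both algorithms used in the list and return the matches."""
    hits = []
    for name in ("md5", "sha1"):
        digest = hashlib.new(name, data).hexdigest()
        if digest in idx[name]:
            hits.append((name, digest))
    return hits

def match_proxy_log(lines, idx):
    """Return (line_no, kind, indicator) for each listed URL, host or destination IP in a line."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            if "://" in tok:  # an exact URL match is reported over a host-only match
                host = (urlparse(tok).hostname or "").lower()
                if tok in idx["url"]:
                    hits.append((n, "url", tok))
                elif host in idx["host"]:
                    hits.append((n, "host", host))
            else:
                m = IP_PORT_RE.match(tok)  # CONNECT targets carry a :port suffix
                if m and m.group(1) in idx["ip"]:
                    hits.append((n, "ip", m.group(1)))
    return hits

def demo():
    """Run the sweep over the constructed samples and return the results."""
    idx = build_index(IOCS)
    sample = b"constructed sample file contents"
    # Bytes made up here cannot match a published hash, so a second index adds the
    # sample's own MD5 to stand in for a real malicious file.
    idx_with_sample = build_index(IOCS + [hashlib.md5(sample).hexdigest()])
    return {"counts": {k: len(v) for k, v in idx.items()},
            "log_hits": match_proxy_log(SAMPLE_PROXY_LOG, idx),
            "clean_file": match_file_bytes(sample, idx),
            "known_file": match_file_bytes(sample, idx_with_sample)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The host bucket is the part worth keeping in a real sweep: the listed URLs point at specific scripts on what look like ordinary Korean web servers, so a proxy entry for a different path on the same host is still worth an analyst's attention, which is why the example reports host-only matches separately from exact URL matches. Hash matching is only as good as the sample set; a recompiled payload will not match, so pair it with the network indicators rather than relying on it alone.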