Everyday is lazarus.dayβ

IT threat evolution Q2 2023

2023-08-30, Kaspersky
#3CXDesktopApp #Trend #Andariel #DeathNote


- IT threat evolution in Q2 2023
- IT threat evolution in Q2 2023. Non-mobile statistics
- IT threat evolution in Q2 2023. Mobile statistics
Targeted attacks
Gopuram backdoor deployed through 3CX supply-chain attack
Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, was used in a high-supply-chain attack. The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers.
When we reviewed our telemetry on the campaign, we found a DLL on one of the computers, named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process. A DLL with this name was used in recent deployments of a backdoor that we dubbed Gopuram, which we had been tracking since 2020. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus, a backdoor attributed to the Lazarus.
We had observed few victims compromised …