North Korean Hackers Targeting Freighters With Backdoor Malware

Hackers from North Korean hacking group Lazarus are using their new malware dubbed Vyveva to attack South African freight logistics company. According to researchers, Vyveva was first discovered in June 2020, with ESET researchers only finding two infected machines, which belong to the same South African freight company, but it is very likely that backdoor was used in other cyber-espionage campaigns. Vyveva allows hackers to harvest and exfiltrate files from infected systems to servers under their control using the Tor anonymous network as a secure communication channel. The malware's extra features include support for timestomping attacks to manipulate files or hide modified files. Read more...