Security Researchers Analyze Sony Hackers’ Gang they Call Lazarus Group

The Sony Picture hackers of 2014 have been found to belong to one prolific gang carrying out assaults since 2009 if not earlier, and has apparently been behind over 45 malware groups employed within assaults since then, shows a new research. Wired.com posted this, February 24, 2016.

As a joint taskforce, security researchers belonging to Kaspersky, AlienVault, Symantec and Novetta in coordination with 10 more companies recently compiled evidences collected during past 7 years that disclosed assaults flowing constantly from the Sony hackers' gang that the researchers called Lazarus Group.

It was found that in all these assaults numerous malware families were involved that included DDoS bots to keyloggers and hard drive erasers to RATs.

These malware tools along with their individual campaigns have been from various groups such as Operation Troy, Dark Seoul, Ten Days of Rain, Operation 1Mission, Wild Positron, Hangman and Duuzer during the past period. In one particular dropper that the groups individually used, a similarity has been found. By a dropper it implies one comparatively innocuous malicious program that first gains a grip of the victim's computer followed with subsequently downloading more malware that are increasingly dangerous and intrusive.

During its attacks, Lazarus targeted the military, governments, infrastructure, financial, media, and aerospace within USA and South Korea, revealed Operation Blockbuster. Seemingly, general malware tactics and cryptographic keys are shared across the group's malicious programs.

The researchers scrutinized malware samples that counted to billions gathered via Virus Total - an Internet service having over 36 AV scanners that people can use for free to examine if files they suspect are malicious or not- as well as from anti-virus companies, particularly Kaspersky Lab that collated malware strains straight from contaminated clients. Gradually, the researchers pruned the YARA rules and their signatures till they made a final collection of 2,000 samples and hitherto manually assessed 1,000 of them that they attributed to Lazarus.

Eventually, the researchers opined that they looked forward to the private industrial companies coordinating with associates belonging to other industries along with law enforcement towards bringing about a favorable change to the global network environment's safety.

» SPAMfighter News - 3/1/2016