Hackers linked to the North Korean government are using an update of the Dtrack malware in the form of a backdoor. This time, their victims are in European and Latin American countries focused on education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers, and telecommunication firms. Read all about these movements in the following lines.
Read: Researcher was rewarded with $70,000 for solving a flaw in Google Pixel Smartphones
Lazarus is behind this Dtrack update
The backdoor malware, known as Dtrack, is being used by hackers linked to the North Korean government. They have been very active in countries like Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S., among others. Kaspersky researchers have been responsible for tracking and publicizing these movements.
In their report, the managers Konstantin Zykov and Jornt van der Wiel explain that: “Dtrack allows criminals to upload, download, start or delete files on the victim host.” This malware is also known as Valefor and Preft, and was developed by Andariel, which is believed to be a subgroup of Lazarus which continues to be tracked throughout the world’s cybersecurity community.
One of the most well-known attacks carried out using Dtrack was the one that occurred at a nuclear power plant in India. More recently, it has been linked to the Maui attack. However, Kaspersky confirms that some things have changed; hence, it is considered an update, including how the implant conceals its presence within a seemingly legitimate program and the use of three layers of encryption and obfuscation designed to make analysis more difficult.
As part of their conclusions, the researchers state: “The Dtrack backdoor continues to be used actively by the Lazarus group. Modifications in the way the malware is packed show that Lazarus still sees Dtrack as an important asset.”
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Micha Brändli on Unsplash.
Facebook: Eagle Tech Corp
Instagram: @eagletech_corp
Twitter: @eagletechcorp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp