Monday, January 25, 18:31

The Lazarus team attacks Linux systems through the Dacls Trojan

The Lazarus hacking team (APT) is constantly evolving and stepping up its attacks, and is developing a new Trojan that targets Linux systems.

The Lazarus group is said to have relations with the North Korean government and has been linked to various global cyberattacks. Some of its most significant attacks are the spread of the WannaCry ransomware, the theft of $80m from the Bangladeshi bank and a new campaign attacking financial institutions around the world.

Some researchers argue that these hackers have also used Trickbot (used by many government hacking teams) to gain access to infected systems.

The Lazarus team has purchased many tools from other hackers in the past. However, it also creates its own "weapons", such as the new Remote Access Trojan (RAT) found by Netlab 360 researchers.

The security company said the trojan, called Dacls, first appeared in May, and while it has been identified by more than 20 companies offering antivirus solutions, it is still considered "unknown".

Researchers analyzed a sample of the malware and found it to be a "fully functional RAT platform for Windows and Linux", probably related to this group.

A domain associated with the malware, thevagabondsatchel.com, is a further indication of the Lazarus team's involvement, as the site was previously used by the APT to store malware.

Researchers believe that CVE-2019-3396, a remote code execution flaw that affects a macro in Atlassian Confluence Server version 6.6.12 (and earlier), is used to infect systems and deploy Dacls.

The RAT, which varies depending on the target operating system, shares the same command-and-control (C2) protocol across its versions. Dacls is modular malware that uses TLS and RC4 encryption when communicating with its C2, as well as AES encryption to protect its configuration files.

When a vulnerable Linux system is detected, the malicious program runs in the background and checks for updates.

The Trojan is capable of performing various functions, such as stealing, deleting and executing files, scanning a directory, downloading other payloads, stopping processes, uploading data and more.

As we said above, the trojan spreads through a known vulnerability and a patch is already available, so IT administrators should update their Confluence setups to stay safe.
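One way to check proxy or DNS logs for the domain named above, as an added example that is not part of the original article; the log lines are constructed samples and the function names are illustrative. It matches on hostname label boundaries, so look-alike names do not trigger while upper-case, trailing-dot and defanged forms are still caught.

```python
import re
from urllib.parse import urlsplit

# Domain the article links to Dacls; extend with your own intel feed.
IOC_DOMAINS = {"thevagabondsatchel.com"}

# URLs or bare hostnames, including defanged "hxxp" and "[.]" forms.
TOKEN_RE = re.compile(
    r"(?:h(?:tt|xx)ps?://)?[\w-]+(?:(?:\.|\[\.\])[\w-]+)+[^\s\"']*", re.I)

# Constructed sample lines (not real telemetry): proxy and DNS style.
SAMPLE_LOG = [
    "10.0.0.5 GET http://THEVAGABONDSATCHEL.COM:8080/update 200",
    "dns query: cdn.thevagabondsatchel.com. IN A from 10.0.0.7",
    "ticket note: hxxps://thevagabondsatchel[.]com/a.png was blocked",
    "10.0.0.9 GET http://notthevagabondsatchel.com/ 200",
    "dns query: thevagabondsatchel.com.example.org. IN A from 10.0.0.9",
]


def extract_host(token):
    """Return the lower-cased hostname of a URL or bare-host token."""
    token = re.sub(r"^hxxp", "http", token.replace("[.]", "."), flags=re.I)
    if "://" not in token:
        token = "//" + token              # make urlsplit parse a netloc
    try:
        host = urlsplit(token).hostname or ""
    except ValueError:                    # stray brackets in the token
        return ""
    return host.rstrip(".").lower()       # drop the DNS root dot


def matches_ioc(host, iocs=IOC_DOMAINS):
    """True for an IoC domain or any subdomain, aligned on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in iocs)


def hunt(lines, iocs=IOC_DOMAINS):
    """Return (line_number, host) for each line that references an IoC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            host = extract_host(token)
            if matches_ioc(host, iocs):
                hits.append((n, host))
                break
    return hits


if __name__ == "__main__":
    for n, host in hunt(SAMPLE_LOG):
        print(f"line {n}: {host}")
```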


Absent Mia