Lazarus Hackers' New Backdoor Malware Dubbed Vyveva Strikes South African Freight Firm - Cybers Guards

The new backdoor malware, dubbed Vyveva, was identified in an attack against a South African freight and logistics firm on Thursday, according to ESET. While the initial attack vector used to deliver the malware is unknown, examination of infected machines uncovered strong ties to the Lazarus group.

The US Department of Justice (DoJ) indicted two alleged North Korean hackers in February and expanded the charges against another for his involvement in Lazarus. The backdoor can exfiltrate files, gather information from infected machines and drives, connect remotely to a command-and-control (C2) server, and execute arbitrary code. Vyveva is one of the most recent Lazarus weapons to be discovered. Lazarus is a North Korea-based advanced persistent threat (APT) group.

Vyveva also includes a "timestomping" option, which allows creation/write/access timestamps to be copied from a "donor" file, as well as a file-filtering feature: the ability to filter by specific extensions and focus only on specific types of content, such as Microsoft Office files, for exfiltration. Manuscrypt/NukeSped, an older Lazarus malware family, has striking similarities. In addition, the backdoor uses fake TLS connections for network communication, a component for connecting to its C2 via the Tor network, and command-line execution chains previously used by the APT.

The global WannaCry ransomware outbreak, an $80 million Bangladeshi bank heist, attacks against South Korean supply chains, cryptocurrency theft, the 2014 Sony hack, and other attacks against US organizations have all been blamed on the state-sponsored cyberattackers. The codebase of the backdoor allowed the researchers to attribute Vyveva to Lazarus with "high confidence," according to the researchers. The backdoor was discovered in June 2020, but it is possible that it has been in use since at least 2018.

Through a watchdog module, the backdoor communicates with its C2 every three minutes, sending a stream of data to its operators that includes when drives are connected or disconnected, the number of active sessions, and logged-in users, all of which are likely of interest for cyberespionage.
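A fixed three-minute check-in like the one described above leaves a recognisable rhythm in egress logs. The following detector is an added example, not code from the article or from ESET: it parses constructed proxy-style log lines (timestamp, source host, destination) and flags any flow whose inter-connection gaps are nearly constant, reporting the period it found rather than assuming 180 seconds in advance. The log format and the hosts and addresses in it are assumptions made for the example.

```python
"""Flag low-jitter periodic connections (C2 beaconing) in egress logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not from the article): "<ISO timestamp> <src> <dst>".
# host-a talks to 203.0.113.10 exactly every 180 s; the other flows are irregular noise.
SAMPLE_LOG = """\
2020-06-01T10:00:00 host-a 203.0.113.10:443
2020-06-01T10:00:10 host-b 192.0.2.5:443
2020-06-01T10:00:40 host-b 192.0.2.5:443
2020-06-01T10:00:41 host-a 198.51.100.7:443
2020-06-01T10:03:00 host-a 203.0.113.10:443
2020-06-01T10:04:00 host-b 192.0.2.5:443
2020-06-01T10:04:12 host-a 198.51.100.7:443
2020-06-01T10:04:45 host-b 192.0.2.5:443
2020-06-01T10:06:00 host-a 203.0.113.10:443
2020-06-01T10:09:00 host-a 203.0.113.10:443
2020-06-01T10:12:00 host-a 203.0.113.10:443
2020-06-01T10:13:05 host-b 192.0.2.5:443
2020-06-01T10:13:55 host-a 198.51.100.7:443
"""


def parse_log(text):
    """Group timestamps per (src, dst) pair from 'ts src dst' lines."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(flows, max_jitter=0.1, min_hits=4):
    """Return {(src, dst): mean_gap_seconds} for flows whose gaps between
    consecutive connections vary by at most `max_jitter` (relative std dev).
    Flows with fewer than `min_hits` connections are ignored as too short
    to establish a period."""
    hits = {}
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            hits[key] = period
    return hits
```

Real beacons usually add randomised jitter, so the threshold should be tuned against a baseline of known-good periodic traffic (update checks, monitoring agents) before alerting on it.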
