Saturday 27 April 2024, Poradnik bezpieczeństwa

Deadly ISO file from North Korea


Although North Korea may not look like a threat in cyberspace at first glance, it regularly conducts complex attacks. The latest campaign is attributed to the Lazarus Group, known for many major incidents, including the attacks on Sony Pictures and the Bangladesh Bank and the WannaCry ransomware.

"Recruiters" sent ISO files to selected people, presenting them as part of the recruitment procedure. They knew that Windows 10 and 11 mount an ISO with just two clicks. Victims then opened the AmazonVNC.exe file inside the image, which downloaded malicious shellcode from the C2 server; the shellcode in turn launched a RAT, giving the attackers remote access. The attack also exploited a Windows vulnerability (CVE-2024-21338, CVSS score 7.8) that allowed the criminals to elevate their privileges to SYSTEM level.
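The chain above (ISO mounted by the user, executable launched from the new drive letter shortly afterwards) is something a defender can correlate from host telemetry. The following is an added detection example, not code from the original post or from any vendor; the event records and their field names are constructed and simplified, not a real Windows or Sysmon log schema.

```python
"""Flag executables launched from an ISO that was mounted moments earlier.

Constructed, simplified event records (not real telemetry): one stream of
ISO mount events and one of process-creation events, as an analyst might
normalise them from Windows disk-mount and process-creation logs.
"""
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real schema.
MOUNT_EVENTS = [
    {"time": "2024-04-27T10:00:05", "user": "alice",
     "image": "C:\\Users\\alice\\Downloads\\JobOffer.iso", "drive": "E:"},
]
PROCESS_EVENTS = [
    # Launched 15 s after the ISO was mounted on E: -> should be flagged.
    {"time": "2024-04-27T10:00:20", "user": "alice",
     "path": "E:\\AmazonVNC.exe", "parent": "explorer.exe"},
    # Ordinary local program -> not flagged.
    {"time": "2024-04-27T10:05:00", "user": "alice",
     "path": "C:\\Windows\\System32\\notepad.exe", "parent": "explorer.exe"},
    # Same drive letter hours later (letter may have been reused) -> outside window.
    {"time": "2024-04-27T13:00:00", "user": "alice",
     "path": "E:\\setup.exe", "parent": "explorer.exe"},
]


def _ts(s):
    return datetime.fromisoformat(s)


def drive_of(path):
    """Return the drive letter prefix ("E:") of a Windows path, or ""."""
    return path[:2].upper() if len(path) >= 2 and path[1] == ":" else ""


def find_iso_launches(mounts, procs, window=timedelta(minutes=30)):
    """Return process events whose image sits on a drive letter that an ISO
    mount by the same user assigned at most `window` before the launch."""
    hits = []
    for p in procs:
        drive = drive_of(p["path"])
        if not drive:
            continue
        started = _ts(p["time"])
        for m in mounts:
            mounted = _ts(m["time"])
            if (m["drive"].upper() == drive and m["user"] == p["user"]
                    and m["image"].lower().endswith(".iso")
                    and timedelta(0) <= started - mounted <= window):
                hits.append({"process": p["path"], "iso": m["image"],
                             "user": p["user"],
                             "seconds_after_mount": int((started - mounted).total_seconds())})
                break
    return hits
```

The time window matters because drive letters are reused after the image is ejected; a hit should be enriched with the parent process and the ISO's origin (e.g. a mail client's download folder) before it is escalated.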