North Korea's Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Carly Page

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group.

Threat intelligence company Cisco Talos said Thursday that it has observed Lazarus — also known as APT38 — targeting unnamed energy providers in the United States, Canada and Japan between February and July this year. According to Cisco's research, the hackers used a year-old vulnerability in Log4j, known as Log4Shell, to compromise internet-exposed VMware Horizon servers and establish an initial foothold on a victim's enterprise network, before deploying bespoke malware known as “VSingle” and “YamaBot” to establish long-term persistent access. YamaBot was recently attributed to the Lazarus APT by Japan's national cyber emergency response team, known as CERT.

Details of this espionage campaign were first revealed in April this year by Symantec, which attributed the operation to “Stonefly,” another North Korean hacking group that has some overlaps with Lazarus.

However, Cisco Talos also observed a previously unknown remote access trojan — or RAT — named "MagicRAT," attributed to Lazarus Group, which the hackers use for reconnaissance and stealing credentials.

“The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean government objectives,” wrote Talos researchers Jung soo An, Asheer Malhotra and Vitor Ventura. “This activity aligns with historical Lazarus intrusions targeting critical infrastructure and energy companies to establish long-term access to siphon off proprietary intellectual property.”

The Lazarus Group is a financially-motivated hacking group backed by the North Korean state that is best known for the high-profile Sony hack in 2016 and the WannaCry ransomware attack in 2017. Lazarus is also driven by efforts to support North Korea's state objectives, including military research and development and evasion of international sanctions.

However, the group has in recent months turned its attention to blockchain and cryptocurrency organizations. It has been linked to the recent theft of $100 million in crypto assets from Harmony’s Horizon Bridge, and the theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.

Pyongyang has long used stolen cryptocurrency and the theft of other information to fund its nuclear weapons program.

In July, the U.S. government offered a $10 million reward for information on members of state-sponsored North Korean threat groups including Lazarus, double the amount that the U.S. State Department announced in April.
