Kaspersky declares war on Lazarus Hacking Group

Thread starter: Crystal_Lake_Camper
Oooohhh, things are about to get really interesting in the cyber-security world. Kaspersky Lab has just declared war on the infamous hacking collective Lazarus Group, and it’s bringing its friends to the fight.

Together with Novetta and "other industry partners", Kaspersky Lab has announced the formation of Operation Blockbuster targeted at disrupting the activity of the Lazarus Group.

For those unfamiliar with the name, Lazarus Group is believed to be responsible for the 2014 attack on Sony Pictures Entertainment, as well as the 2013 Operation DarkSeoul, which targeted media and financial institutions.

Kaspersky Lab, Novetta and AlienVault have analyzed samples of malware spotted in different incidents and have managed to link a number of high-profile attacks to the group. Prior to the revelation, those attacks were attributed to an "unknown attacker".

The security researchers said they found a couple of interesting things that linked various attacks to the same group. First, it was discovered that they were recycling code, borrowing fragments from one malicious program to use in another. They also spotted similarities in the way the group works: the droppers (files used to install malware) all kept their payloads within a password-protected ZIP archive.

"The password protection was implemented in order to prevent automated systems from extracting and analyzing the payload, but in reality it just helped researchers to identify the group".

Eventually, tens of different targeted attacks were linked to a single actor. The group says the first attack might have occurred in 2009, five years before the Sony incident. It seems the group is working in the GMT+8 and GMT+9 time zones.

"As we predicted, the number of wiper attacks grows steadily. This kind of malware proves to be a highly effective type of cyber-weapon. The power to wipe thousands of computers at the push of a button represents a significant bounty to a Computer Network Exploitation team tasked with disinformation and the disruption of a target enterprise. Its value as part of hybrid warfare, where wiper attacks are coupled with kinetic attacks to paralyse a country’s infrastructure remains an interesting thought experiment closer to reality than we can be comfortable with. Together with our industry partners, we are proud to put a dent in the operations of an unscrupulous actor willing to leverage these devastating techniques", said Juan Guerrero, senior security researcher at Kaspersky Lab.

"This actor has the necessary skills and determination to perform cyber-espionage operations with the purpose of stealing data or causing damage. Combining that with the use of disinformation and deception techniques, the attackers have been able to successfully launch several operations over the last few years", said Jaime Blasco, chief scientist, AlienVault. "Operation Blockbuster is an example of how industry-wide information sharing and collaboration can set the bar higher and prevent this actor from continuing its operations".

"Through Operation Blockbuster, Novetta, Kaspersky Lab and our partners have continued efforts to establish a methodology for disrupting the operations of globally significant attack groups and attempting to mitigate their efforts to inflict further harm", said Andre Ludwig, senior technical director, Novetta Threat Research and Interdiction Group. "The level of in-depth technical analysis conducted in Operation Blockbuster is rare, and sharing our findings with industry partners so we all benefit from increased understanding is even rarer".
 
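The post above says the droppers kept their payloads in a password-protected ZIP archive and that this trait helped researchers group the samples. As an added example (not part of the original post, and not code from Kaspersky Lab, Novetta or AlienVault), here is a triage check that looks for a ZIP local file header with the encryption flag set embedded inside another file. The sample blobs, file names and function names are constructed for illustration.

```python
import struct

LFH_SIG = b"PK\x03\x04"        # ZIP local file header signature
LFH_FMT = "<4sHHHHHIIIHH"      # fixed 30-byte part of the header
LFH_LEN = struct.calcsize(LFH_FMT)
FLAG_ENCRYPTED = 0x0001        # general-purpose flag bit 0: entry is encrypted
KNOWN_METHODS = {0, 8, 99}     # stored, deflate, WinZip AES

def find_embedded_zip_entries(blob):
    """Return (offset, filename, encrypted) for every plausible ZIP local
    file header found anywhere in blob, e.g. appended to an executable."""
    hits = []
    pos = blob.find(LFH_SIG)
    while pos != -1:
        if pos + LFH_LEN <= len(blob):
            (_sig, _ver, flags, method, _time, _date, _crc, _csize, _usize,
             nlen, xlen) = struct.unpack_from(LFH_FMT, blob, pos)
            name_end = pos + LFH_LEN + nlen
            # Sanity checks reject chance occurrences of the four magic bytes.
            if (0 < nlen <= 255 and name_end + xlen <= len(blob)
                    and method in KNOWN_METHODS):
                name = blob[pos + LFH_LEN:name_end].decode("cp437")
                hits.append((pos, name, bool(flags & FLAG_ENCRYPTED)))
        pos = blob.find(LFH_SIG, pos + 1)
    return hits

def has_encrypted_embedded_zip(blob):
    """True if an encrypted entry sits at a non-zero offset, i.e. the ZIP
    is carried inside another file rather than being a plain .zip."""
    return any(enc and off > 0
               for off, _name, enc in find_embedded_zip_entries(blob))

def make_entry(name, data, flags):
    """Build one local file header plus data (constructed sample only)."""
    header = struct.pack(LFH_FMT, LFH_SIG, 20, flags, 0, 0, 0, 0,
                         len(data), len(data), len(name), 0)
    return header + name + data

# Constructed samples: a 66-byte stand-in for an executable stub,
# followed by a single ZIP entry. No real malware bytes are used.
STUB = b"MZ" + b"\x90" * 64
SAMPLE_DROPPER = STUB + make_entry(b"payload.bin", b"\x00" * 16, FLAG_ENCRYPTED)
SAMPLE_CLEAN = STUB + make_entry(b"readme.txt", b"hello", 0)

if __name__ == "__main__":
    for label, blob in (("dropper", SAMPLE_DROPPER), ("clean", SAMPLE_CLEAN)):
        print(label, find_embedded_zip_entries(blob),
              has_encrypted_embedded_zip(blob))
```

A hit is only a triage signal: self-extracting installers also embed ZIP data, so the result is a reason to look closer, not a verdict.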
How does "War" resolve anything...?
If you don't declare war on the ones who go against the default way of living, it's pretty much a "do your own rules" society. If you ever saw Mr. Robot, it's pretty much well explained how planting a single idea in people's heads can lead to great things. By this I mean, if you don't fight back, declare war, on the ones who threaten the way things are established to be, it's pretty much a "do whatever you like, nobody stops you".
 
There are many perspectives when we say 'war' at all, and in the case of security and technology issues, they will not rely on hacking attacks but will track their location to capture those culprits.

Clearly Operation Blockbuster is supposed to be a tool for anyone to be educated and informed that hacking is not just a simple way but full of theory too.
 
