Lazarus group ransomware

8/3/2023

Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist.

Earlier WannaCry attacks point to the group

As you may or may not know, the May 12 attack was not the first time that the WannaCry ransomware was used. But it was the first time that this particular variant, which incorporated the leaked “EternalBlue” exploit, was employed.

Previous WannaCry attacks were flagged in February, March, and April 2017, and an analysis of the tools, techniques, and infrastructure used in these attacks has revealed many similarities with those used in previous Lazarus attacks.

For example: Following the first WannaCry attack in February, three pieces of malware linked to Lazarus were discovered on the victim’s network: Trojan.Volgmer and two variants of Backdoor.Destover, the disk-wiping tool used in the Sony Pictures attacks.

Another example: Trojan.Alphanc, which was used to spread WannaCry in the March and April attacks, is a modified version of Backdoor.Duuzer (previously linked to Lazarus).

A third one: Trojan.Bravonc used the same IP addresses for C&C as Backdoor.Duuzer and Backdoor.Destover.

“But how likely is it that the previous WannaCry attacks and the latest one have been mounted by the same team?” you ask.

“The earlier versions of WannaCry and the one used in the May 12 attacks are largely the same, with some minor changes, chiefly the incorporation of the EternalBlue exploit. The passwords used to encrypt the Zip files embedded in the WannaCry dropper are similar across both versions and indicating that the author of both versions is likely the same group,” the researchers explained.