Lazarus group has been recently discovered to have targeted an Aerospace company in Spain, which involved deploying several tools, including an undocumented backdoor named “LightlessCan.”
Reports indicate that the threat actor gained access to the organization’s network last year using a spearphishing campaign impersonating a recruiter from Meta.
The threat group contacted one of the victims inside the organization via LinkedIn social networking, posing as a recruiter from Meta. The threat actor then sent two coding challenges and a job description PDF, which was malware, resulting in the execution of the malicious payload.
The victim was provided with two malicious executables, Quiz1.exe and Quiz2.exe, embedded inside two ISO images, Quiz1.iso and Quiz2.iso. The victim was tasked with rewriting the code in C++ programming language.
The two executables were a simple Hello World program and a Fibonacci program. However, the executables were much more than they printed on the console.
Both executables trigger the installation of additional payloads inside the ISO images. The first payload that was delivered was named “NickelLoader” which enables the threat actor to deploy any program on the system’s memory. Followed by other additional payloads which are used by the threat actor for various purposes.
One of the most interesting payloads used was the LightlessCan, which was found to be the successor of the Lazarus RAT BlindingCan. LightlessCab supports 68 distinct commands, of which 43 lack their original functionality.
LightlessCan can be confirmed to have been derived from BlindingCan because the order of the shared commands between LightlessCan and BlindingCan has no significant changes.
One of the most important updates on this new backdoor is mimicking Windows Native commands like ping, ipconfig, systeminfo, sc, net, etc.
ESET has published a complete report about this compromise and other detailed information, providing additional information about the source code, payload, exploit chain of the payload, compromising the system, and other information.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.
A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums…
A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could allow…
Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF…
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could…
A Romanian man has been sentenced to 20 years in prison for his involvement in…
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability…