EVGA

North Korean Attackers Use Windows Update to Deliver Malware

Author
Cool GTX
EVGA Forum Moderator
Monday, January 31, 2022 3:48 PM (permalink)
 
 
[https://www.tomshardware.com/news/hackers-use-windows-update-for-attack]
 
(excerpts)
 
"Popular North Korean activist group Lazarus is using the Windows Update client to deploy malicious code, thus avoiding security mechanisms, and leveraging Github to serve as a command and control server for its latest attacks, according to Malwarebytes Labs. Last week, the Malwarebytes Threat Intelligence team spotted the new campaign in two Word documents used in a spear-phishing campaign pertaining to fake Lockheed Martin job opportunities."
 
"The two documents are known as Lockheed_Martin_JobOpportunities.docx, and Salary_Lockheed_Martin_job_opportunities_confidential.doc. As the names suggest, both these documents appear to bait targets into new job opportunities at Lockheed Martin."
 
 
"part of the injection process uses the Windows Update Client to install a malicious DLL. This is very clever since this technique evades security detection systems."
 
 
 
The bad actors are not resting & are always looking for a new angle --> though phishing is not new. 
 
Malwarebytes makes good security software - even the free version is a good secondary scan tool
 

#1
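As an added example (not code from the article, the Malwarebytes report, or anyone in this thread): a small detection check that flags the Windows Update client, wuauclt.exe, whenever its command line references a DLL outside the Windows system directories, run over constructed process-creation records in the shape of Sysmon Event ID 1. The trusted directory list, the record field names and the sample events are assumptions made for this example.

```python
"""Flag wuauclt.exe (the Windows Update client) when it is asked to handle a
DLL that lives outside the Windows system directories.

The records below are constructed for this example, in Sysmon Event ID 1
shape (Image, CommandLine, ParentImage); they are not from any real host."""
import ntpath
import re

# Where a DLL handled by the Windows Update client is expected to live.
# Assumption for this example; tune to your own environment's baseline.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Matches an absolute Windows path ending in .dll, quoted or not.
DLL_RE = re.compile(r'"?([a-z]:\\[^"\s]+?\.dll)"?', re.IGNORECASE)


def dll_paths(command_line):
    """Return every absolute .dll path referenced on the command line."""
    return DLL_RE.findall(command_line)


def is_suspicious(event):
    """True if the process is wuauclt.exe and it references a non-system DLL."""
    if ntpath.basename(event["Image"]).lower() != "wuauclt.exe":
        return False
    # Key on the DLL location rather than on particular switches, so renamed
    # or reordered arguments do not slip past the check.
    return any(not p.lower().startswith(TRUSTED_DLL_DIRS)
               for p in dll_paths(event["CommandLine"]))


def flag_events(events):
    """Return the subset of process-creation records worth an analyst's look."""
    return [e for e in events if is_suspicious(e)]


SAMPLE_EVENTS = [  # constructed sample data
    {"Image": "C:\\Windows\\System32\\wuauclt.exe",
     "CommandLine": "wuauclt.exe /detectnow",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
    {"Image": "C:\\Windows\\System32\\wuauclt.exe",
     "CommandLine": 'wuauclt.exe "C:\\Users\\alice\\AppData\\Local\\Temp\\update.dll"',
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"Image": "C:\\Windows\\System32\\wuauclt.exe",
     "CommandLine": "wuauclt.exe C:\\Windows\\System32\\wuaueng.dll",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    for e in flag_events(SAMPLE_EVENTS):
        print("SUSPICIOUS:", e["CommandLine"], "| parent:", e["ParentImage"])
```

The parent image is carried along because an Office process spawning the update client is a second signal worth correlating with the DLL location.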


    Flint 1760
    Omnipotent Enthusiast
    Re: North Korean Attackers Use Windows Update to Deliver Malware Monday, January 31, 2022 3:59 PM (permalink)
    It pays off for the DPRK as last year they managed to steal $400M in cryptocurrency. (Source: https://www.bloomberg.com/news/articles/2022-01-14/north-korea-stole-400-million-of-crypto-in-2021-report-says)


    #2
    ty_ger07
    Insert Custom Title Here
    Re: North Korean Attackers Use Windows Update to Deliver Malware Tuesday, February 01, 2022 3:01 PM (permalink)
    It's odd that installing a DLL via Word wouldn't require administrative authorization. You would think that this reflects badly on Microsoft that they are able to hijack two different Microsoft implementations.


    #3
    Cool GTX
    EVGA Forum Moderator
    Re: North Korean Attackers Use Windows Update to Deliver Malware Tuesday, February 01, 2022 3:42 PM (permalink)
    ty_ger07
    It's odd that installing a DLL via Word wouldn't require administrative authorization. You would think that this reflects badly on Microsoft that they are able to hijack two different Microsoft implementations.



    I agree - seems MS has even more patching to do

    #4
    Hoggle
    EVGA Forum Moderator
    Re: North Korean Attackers Use Windows Update to Deliver Malware Tuesday, February 01, 2022 5:54 PM (permalink)
    Flint 1760
    It pays off for the DPRK as last year they managed to steal $400M in cryptocurrency. (Source: https://www.bloomberg.com/news/articles/2022-01-14/north-korea-stole-400-million-of-crypto-in-2021-report-says)




    It's needed since they are the only country that is launching missiles at Cthulhu at the bottom of the Pacific Ocean.
