
ThreatNeedle Malware

Posted: February 26, 2021

The Lazarus APT has surprised cybersecurity researchers once again by deploying a threatening implant that had not been used for a while - ThreatNeedle. The ThreatNeedle Malware has targeted dozens of countries and, as usual, the Lazarus criminals are going after targets in various industries. The malware possesses typical backdoor Trojan functionality, and it seems that the criminals are relying on cleverly tailored spear-phishing campaigns to reach their targets. The last time the ThreatNeedle Malware was spotted in the wild was in February 2018 when the criminals employed it in attacks against cryptocurrency exchanges and game development companies.

ThreatNeedle May Go After Isolated Networks

One of the ThreatNeedle Malware's notable features is its ability to get around network segmentation. This is a security practice in which network administrators divide one large network into smaller subnetworks – this enables them to enforce different policies for each subnetwork and reduce the amount of damage that a potential intrusion by cybercriminals would cause.

One company infected by the ThreatNeedle Malware had at least two network segments – one that was fully connected to the Internet and did not store confidential data, and another one that had no Internet access due to hosting sensitive files. Typically, cybercriminals would be unable to access the latter network segment. However, thanks to the ThreatNeedle Malware, the Lazarus APT operators were able to identify a set of Internet-connected machines that connected to the isolated network for maintenance regularly. By taking control over these devices, they were able to tamper with the network configuration and set up a hidden proxy that would connect them to a local network that would otherwise be inaccessible over the Internet.
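The pivot described above leaves a recognizable trace in network flow logs: the maintenance hosts are the only machines that talk to both the Internet and the isolated segment, and once a relay is running, an Internet-side session on one of them is followed within seconds by a session into the isolated segment. The script below is an added example for defenders, not code from the original article or from any vendor; it assumes a constructed flow-log format, an assumed address plan (RFC 1918 ranges as internal, 10.50.0.0/16 as the isolated segment), a five-second correlation window, and constructed sample records.

```python
"""Find hosts that bridge an Internet-facing segment and an isolated segment,
and flag external-to-isolated relay patterns on them.

Everything below (address plan, log format, sample records) is constructed
for this example and must be adapted to a real environment.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed address plan (constructed): RFC 1918 space is "internal",
# 10.50.0.0/16 is the segment that should never be reachable from the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ISOLATED_NET = ipaddress.ip_network("10.50.0.0/16")
RELAY_WINDOW = timedelta(seconds=5)  # assumed correlation window

# Constructed flow records: "<ISO timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_FLOWS = """\
2021-02-20T10:00:01Z 10.10.1.5:51000 -> 10.50.3.20:22
2021-02-20T10:00:07Z 10.10.1.5:51001 -> 10.50.3.21:445
2021-02-20T10:00:30Z 10.10.1.9:51002 -> 203.0.113.7:443
2021-02-20T10:01:00Z 203.0.113.7:4444 -> 10.10.1.5:8080
2021-02-20T10:01:02Z 10.10.1.5:51003 -> 10.50.3.20:445
2021-02-20T10:02:00Z 10.10.1.5:51004 -> 198.51.100.9:443
2021-02-20T10:03:00Z 10.10.1.22:51005 -> 10.10.1.30:3389
"""


def parse_flow(line):
    """Parse one constructed flow-log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, _arrow, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src_ip, dst_ip, int(dst_port)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_isolated(ip):
    return ipaddress.ip_address(ip) in ISOLATED_NET


def index_flows(lines):
    """Group flows by the non-isolated internal host involved.

    Returns host -> list of (timestamp, peer_ip, kind) where kind is
    "external" (peer on the Internet) or "isolated" (peer in ISOLATED_NET).
    Flows between two ordinary internal hosts are ignored.
    """
    by_host = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, _port = parse_flow(line)
        for host, peer in ((src, dst), (dst, src)):
            if not is_internal(host) or is_isolated(host):
                continue
            if is_isolated(peer):
                kind = "isolated"
            elif not is_internal(peer):
                kind = "external"
            else:
                continue
            by_host[host].append((ts, peer, kind))
    return by_host


def bridging_hosts(by_host):
    """Hosts seen talking to both the Internet and the isolated segment.

    These are the candidate pivot points; in the incident described above they
    were the maintenance machines with access to both segments.
    """
    return sorted(h for h, flows in by_host.items()
                  if {kind for _, _, kind in flows} >= {"external", "isolated"})


def relay_candidates(by_host, window=RELAY_WINDOW):
    """An Internet-side flow followed within `window` by an isolated-segment
    flow on the same host, the pattern a hidden proxy produces.

    Returns (host, external_peer, isolated_peer, delay_seconds) tuples.
    """
    hits = []
    for host in bridging_hosts(by_host):
        flows = sorted(by_host[host])
        for t_ext, ext_peer, kind in flows:
            if kind != "external":
                continue
            for t_iso, iso_peer, kind2 in flows:
                if kind2 == "isolated" and t_ext <= t_iso <= t_ext + window:
                    hits.append((host, ext_peer, iso_peer,
                                 (t_iso - t_ext).total_seconds()))
    return hits


if __name__ == "__main__":
    index = index_flows(SAMPLE_FLOWS.splitlines())
    print("bridging hosts:", bridging_hosts(index))
    for host, ext, iso, delay in relay_candidates(index):
        print(f"relay? {host}: {ext} -> {iso} after {delay:.0f}s")
```

Run against the constructed records, the script reports 10.10.1.5 as the only host with feet in both segments and flags the inbound session from 203.0.113.7 at 10:01:00 followed two seconds later by its connection to 10.50.3.20. The bridging-host list is the more durable signal: it should match the documented set of maintenance machines exactly, and any new entry deserves a look regardless of timing.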

ThreatNeedle Boasts Typical Backdoor Features

As for other features, the ThreatNeedle Malware has the ability to:

  • Manage files and directories.
  • Gather system hardware and software information.
  • Manage running processes.
  • Command the infected system to sleep or hibernate.
  • Execute remote commands.
  • Update the payload.
  • Deploy additional malware.
  • Exfiltrate data.

The Lazarus APT hackers appear to be very persistent with their ThreatNeedle Malware campaigns – if their initial attempt fails, they approach the target again with a modified version of the email and a corrupted attachment. Preventing such cyberattacks requires multiple layers of security, as well as ensuring that all authorized personnel are familiar with the best online security practices.
