The Torisma Spyware is a threatening implant used by the North Korean hackers known as the Lazarus APT or Hidden Cobra APT. The group is one of the most active Advanced Persistent Threat (APT) groups, and its attacks usually concentrate on entities in the aerospace, military and defense sectors. The Torisma Spyware, in particular, has been used in attacks against targets in the defense and aerospace sectors. The spyware's primary goal is to gather valuable information from the compromised networks without causing any obvious trouble.
North Korean Hackers Deploy the Torisma Spyware to Precisely Chosen Systems
Like other attacks by the Hidden Cobra APT, this one involves several stages and a large number of checks that prevent the malware from running on computers the attackers are not interested in. Allegedly, the Torisma Spyware is delivered as a second-stage implant after the hackers manage to infect a network with an unidentified first-stage payload. The attack is executed via spear-phishing emails that target the defense and aerospace industries of Israel, Russia, Australia and India. The Lazarus APT hackers are also leveraging compromised legitimate websites that have been transformed into Command-and-Control servers.
The first-stage implant gathers basic information about the infected system and checks whether the system's IP address matches one of the IP addresses in a pre-defined list of targets. If a match is found, the malware proceeds to try to deploy the Torisma Spyware. This basic but effective check helps the Torisma Spyware keep its activity under the radar and run only on selected targets.
Once up and running, the Torisma Spyware could provide the attackers with access to more information about the infected system, as well as the ability to spy on users, collect credentials and specific types of files. The state-sponsored Hidden Cobra hackers are one of the largest threats in the world of cybersecurity, and they are a constant problem because of their ever-evolving malware arsenal.