
Experts have uncovered a scheme of fraudsters infecting companies through news sites

Kaspersky Lab: fraudsters infected companies through news sites
Photo: RIA Novosti/Alexey Malgavko

Kaspersky GReAT experts have identified a new, complex targeted campaign by the Lazarus group. The attackers infected companies in South Korea through news sites and financial software, Kaspersky Lab told Izvestia on April 24.

The fraudsters attacked organizations using a combination of two main methods. First, they infected systems through legitimate news sites (a tactic known as a watering hole attack). Then they exploited a vulnerability in Innorix Agent, a file transfer tool widely used in South Korea for a number of financial and administrative operations.

At least six companies from South Korea were attacked — in the fields of software, IT, finance, semiconductor manufacturing and telecommunications. At the same time, experts are confident that the number of victims may be higher.

"The analysis of attacks indicates a serious problem in the field of cybersecurity: the use of third-party browser plug-ins and auxiliary tools significantly increases the likelihood of an attack, especially in infrastructures where outdated software or software with regional specifics is used. Such components often use elevated privileges in their work, remain in memory and interact closely with browser processes, which makes them attractive and often easier targets for intruders than modern browsers," explained Igor Kuznetsov, director of Kaspersky GReAT.

To protect against such attacks, experts recommended that organizations regularly update the software on all devices, audit the security of networks and assets, use a comprehensive cybersecurity solution, and give information security specialists access to up-to-date information about the cyber threats the organization may face.

Earlier, on February 19, it was reported that in 2025, ransomware programs will remain among the main cyber threats to Russian organizations. This is stated in the analytical report of the F6 company "Cyber threats in Russia and the CIS. Analytics and forecasts 2024/25". Personal data remains one of the main targets of fraudsters: attackers first steal sensitive information and only then encrypt the victim's infrastructure.

Translated by Yandex Translate
