One Article Review

Home - The article:
Source AlienVault Blog
Identifier 7188
Publication date 2016-08-09 13:00:00 (viewed: 2016-08-09 13:00:00)
Title OnionDog – An Example of a Regional, Targeted Attack
Text

Background
Bad actors are becoming more sophisticated in the techniques they employ, including their ability to target specific industries and geographical regions. OnionDog is a good example of an attack that exploits a vulnerability in an application that is both popular in the target region and commonly deployed in the organizations the attackers wish to compromise.

The Helios team at 360 SkyEye Labs published a detailed analysis of the OnionDog APT earlier this year, and during the dog-days of Summer (see what I did there?) it seems appropriate to revisit this malware. OnionDog has been around for several years and exploits a vulnerability in Hangul office software, a popular Korean-language productivity suite. Hangul software is also widely deployed in South Korean government agencies and facilities.

The group behind OnionDog is the Lazarus Group, exposed by AlienVault and other threat intelligence teams as part of Operation Blockbuster for its targeting of Sony Pictures and a range of other targets.

How it Works
OnionDog used various techniques to entice victims to open the malicious attachment. The attachments were themed for a range of government agencies and utilities, such as power, water, ports, transit, and rail, to lure its victims (see the screenshot of the ‘Investigation Report of the Korean Railway Accident’ below).

[Screenshot: ‘Investigation Report of the Korean Railway Accident’ lure document. Source: 360 SkyEye Labs]

The malware installs a back door on the compromised system, collects and forwards information about the compromised system to the C&C server, and infects any USB device attached to the compromised system.

Impact on you
The regional nature of OnionDog will likely limit your exposure to this particular version of the threat if you’re not located in South Korea. However, if there is a user of Hangul software on your network, or if someone in your office may have visited an office that uses Hangul software and plugged a device into a compromised system, you may be at risk of data loss.

However, although this version of the malware is localized to South Korea, the Lazarus Group could easily choose another popular application to target specific organizations in other countries.

How AlienVault Helps
The AlienVault Unified Security Management (USM)™ platform delivers the essential security capabilities that organizations of all sizes need to detect, prioritize, and respond to threats like OnionDog. The AlienVault Labs team regularly updates the rulesets that drive the threat detection and response capabilities of the AlienVault USM platform, to keep you up to date with new and evolving threats such as OnionDog. The Labs team performs the research on the latest threats, and on how to detect and respond to them, that most IT teams simply don’t have the expertise, time, budget, or tools to do themselves.

The Labs team recently updated the USM platform’s ability to detect this new threat by adding IDS signatures to detect the malicious traffic and a correlation directive to link events from across a network that indicate a system compromised by OnionDog. Learn more about the
Notes
Sent Yes
Tags Medical
Stories APT 38


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.