Cyber Threat Advisory Summary - December 2017

Cyber Threat Advisory Summary - December 2017's Tags

Tags related to this article

Cyber Threat Advisory Summary - December 2017

Published 22 December 2017

NCC Group malware researchers recently published a blog post outlining the technical details of a recently identified Trojan, known as Volgmer, created by the Hidden Cobra / Lazarus group which is assessed to be closely linked to the North Korean state. In addition to technical detail around the functionality of the Trojan, this report also provides indicators of compromise which facilitate both detection and prevention. The blog post can be found here.

Although this Trojan does not represent a significant evolution in the nature of the threat – being a fairly conventional implementation of existing capabilities – it is clearly indicative of continued attempts by the North Korean regime to develop organic capability in order to circumvent virus detection capabilities based on signatures relating to existing malware types.

Several factors relating to the current geo-political situation with regard to North Korea significantly increase the threat that this threat actor poses. Not only does the regime’s isolationism make it unpredictable, but recent actions within both the nuclear and cyber domains have clearly indicated that the regime’s appetite for risk is exceptionally high. In addition to this, the regime is assessed to be increasingly dependent on cyber-enabled financial crime for its continued survival, and the complex inter-relationships between the state and private criminal enterprises mean that the likely spectrum of targets is far broader than would be the case for most other Nation State threat actors.

Threat Summary: Newly developed Trojan
Business Impact Potential: High
Recovery Complexity for Organisations: Typically High
Common Delivery Vectors: Spear Phishing

Authors

Hans Allnutt

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Rhiannon Webster

Rhiannon Webster

London - Walbrook

+44 (0)20 7894 6577

Patrick Hill

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930

< Back to articles