SecurityAffairs recently shed light on a report by FireEye security researchers about the activities of the Harmony Horizon Bridge and Lazarus APTs. The report includes a new variant of the Bridge malware named “Ovorum”, as well as the TVShow malware in the context of the cyberespionage attacks of these groups.
The report reveals that Harmony Horizon and Bridge are two different but related threat actors: the malware samples share commonalities, and evidence suggests the same people could be behind them.
Harmony Horizon is a North Korean-linked APT focused on collecting intelligence from South Korea and Japan by using spear-phishing techniques and “Living-off-the-Land” tactics to deploy their tools. FireEye researchers discovered that Oliviasn, a previous version of the Harmony Horizon malware, was the first sample found that was linked to the group.
In addition, the researchers observed connections between the malware used by the Harmony Horizon group and the Bridge group, a set of hackers who specialize in developing advanced tools that they monetize through cybercrime such as ransomware, data exfiltration, and fraud. The two groups share similar code patterns and appear to use the same toolset.
Malware linked to Bridge was discovered as well. Two samples, Ovorum and TVShow, have been connected to the threat actors. Ovorum was used to collect information from the victim’s computer and exfiltrate large amounts of data, while TVShow was coded to go after specific targets and to take screenshots.
The Lazarus APT is one of the best-known threat actor groups and is heavily involved in cyberespionage activities and computer network attack campaigns.
The analysis of the newly discovered malware variants of Bridge and Harmony Horizon highlights the need for enterprises to be especially vigilant with their cybersecurity practices and to implement preventative measures. Organizations should deploy effective detection capabilities in their security programs and introduce countermeasures to monitor and protect themselves against malicious actors attempting to access their networks. Analysis of the malware samples used to target organizations should be conducted regularly to ensure that networks are secure. Companies should also be aware of the attack network of the Harmony Horizon Bridge and Lazarus APT, as well as the malware analysis and attack strategies used by the threat actors. All of these measures will help protect against targeted attacks and reduce the risk of data theft.
This Cyber News was published on securityaffairs.com. Publication date: Thu, 26 Jan 2023 10:39:02 +0000