This morning, ESET published their research into a unique watering hole attack that takes advantage of a Korean based security product used widely by the South Korean government and Internet banking websites to require website visitors to install certain approved security software before they can continue to use the site. WIZVERA Veraport manages security product software necessary to interact with specific sites. Lazarus group takes advantage of Veraport by the way it handles code signing. Veraport allows the download and execution of any signed executable, not just those signed by WIZVERA or other legitimate organizations. This opportunity allowed the attackers to set up watering holes by compromising websites that host server-side Veraport configs and replacing the requested files. Once on the web server, the user will be unaware of the download, because the Veraport software handles installation silently in the background.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.