Kaspersky, the IT security software maker, has identified servers in the country that were used by Lazarus, the infamous cybercriminal group thought to be behind large-scale cyber attacks around the world, including the recent WannaCry ransomware. While studying the latest activities of Lazarus, Kaspersky Lab uncovered many compromised servers being used as part of the threat actor’s global command and control infrastructure, the software firm told the media in an interview.
“The compromised servers, found in India, Indonesia, Malaysia, Bangladesh, South Korea, Vietnam, Thailand, and Taiwan among others, might be utilized by Lazarus to roll out aimed assaults in opposition to an organization or a company,” Kaspersky Lab said in a statement to reporters. The Korean-speaking Lazarus group is thought to be behind recent sophisticated cyber attacks such as the million-dollar Bangladesh Bank heist in 2016, the hack of Sony Pictures in 2014, and the recent damaging WannaCry ransomware outbreak, according to the statement.
A group calling itself Guardians of Peace had claimed responsibility for the Sony Pictures attack. It had demanded that Sony pull “The Interview”, a comedy about a plot to murder Kim Jong-un, the North Korean leader. Kaspersky claimed that Lazarus, which is also a group of Korean origin, is believed to be state-supported. China, the U.S., and India are the top three nations hosting the largest number of compromised servers, according to the Kaspersky Lab report.
“As per open source intelligence, 3 of the leading 5 nations that still have servers containing this vulnerability are in the APAC area: India (1,524), China (7,848), and Hong Kong (1,102). The U.S. leads the list with the highest number of vulnerable servers (11,949), while the U.K. lands in the 5th position with 805,” the report added. Kaspersky Lab said that researchers found the servers had been infected with malware dubbed Manuscrypt, which might have been installed by exploiting a vulnerability in Microsoft Internet Information Services (IIS) that Microsoft patched on June 13, 2017.