DTrack backdoor targeted Europe and Latin America

According to a new advisory by Kaspersky, DTrack has been used in financial environments to breach ATMs, in ransomware attacks and in campaigns against a nuclear power plant in India.

The DTrack backdoor has been used heavily by the North Korean Lazarus group for a long time. Lazarus previously used this tool in ransomware attacks and against financial environments, mainly for financial gain. It can upload and download files, create or delete files, and execute files, and it has a built-in keylogger that helps collect user information.
DTrack has changed considerably from its original version over time; it is now a multi-stage payload that hides itself inside a normal-looking executable and passes through several stages before the actual payload is executed.

According to KSN telemetry, we have detected DTrack activity in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the United States, indicating that DTrack is spreading into more parts of the world. The targeted sectors are education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers and telecommunications.

The DTrack backdoor continues to be used actively by the Lazarus group. Modifications in the way the malware is packed show that Lazarus still sees DTrack as an important asset. Despite this, Lazarus has not changed the backdoor much since 2019, when it was initially discovered. When the victimology is analyzed, it becomes clear that operations have expanded to Europe and Latin America, a trend we’re seeing more and more often.
