You might have missed it because of everything happening with Corona and the Monkeypox virus, but there is another virus active on the market: Lazarus. The Lazarus virus is a group of hackers who might’ve been active for longer than you’d think. The earliest attack that we know the group was responsible for is known as “Operation Troy”. This attack ran from 2009 through 2012. Rumor has it, though, that they might’ve already been plaguing South Korea with DDoS attacks since 2007. The WannaCry attack is one I think they’re very proud of.
Moreover, it is becoming clear that this “small group” from North Korea is using increasingly sophisticated techniques in its attacks and that the group is becoming more and more advanced over time. Allegedly the group currently has over 6,000 members, increasing by the day!
Recently it has been discovered that these (state) hackers have had access to the computer systems of Dutch companies from the air, aerospace and defense sectors for months without anyone noticing. The primary goal of this operation was to obtain as much important information and sensitive data as possible. No ransomware, packing or blackmail: it was all for knowledge. After all, knowledge is power too.
With VDSS and TSMS, situations like this are avoidable: you can simply detect unidentified “guests” and viruses that are snooping at your files, both on the servers and the workstations. This way you are alerted immediately when the intruder opens the first file, rather than giving him months to collect data. You can easily link it to your SIEM, so that you can accurately detect for yourself whether such a group is active.