Cyber Security

Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart.

“The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch,” AhnLab Security Emergency Response Center (ASEC) said in a new report.

The intrusions are said to have been first discovered in April, although multiple threat actors, including those aligned with China and Iran, have employed the same approach to further their objectives over the past few months.

NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle.

Some of the key functions of the backdoor range from capturing keystrokes and taking screenshots to accessing the device’s webcam and dropping additional payloads such as information stealers.


The stealer malware, a console-based utility, is designed to exfiltrate accounts and passwords saved in web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale as well as information about email accounts and recently opened Microsoft Office and Hancom files.

“The attacker collected additional information by using backdoor malware NukeSped to send command line commands,” the researchers said. “The collected information can be used later in lateral movement attacks.”

Products You May Like

Articles You May Like

Acer Aspire 5 Gaming Laptop With 12th Gen Intel Core i5 Processor, Nvidia GeForce RTX 2050 GPU Launched in India: All Details
Growth in Space Tourism Can Take Toll on Climate, Finds Study
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
Overview of Top Mobile Security Threats in 2022
YouTube Music Gets an Easy Way to View the ‘Mixed for You’ Playlist, Redesigns the Album UI on Android Tablets

Leave a Reply

Your email address will not be published.