"Cybercrime Group Lazarus Upgrades its Arsenal with Vyveva Malware"

ESET researchers found a new backdoor that the Lazarus hacking group is using in attacks against freight and logistics organizations in South Africa. The malware, dubbed Vyveva, performs backdoor activities such as exfiltrating files, collecting information from an infected system, and executing arbitrary code through a remote connection to a command-and-control (C2) server. The backdoor also connects to its C2 server over the Tor network, using fake TLS connections. The researchers believe Vyveva has been active since 2018, even though it was first discovered in June 2020. This article continues to discuss the capabilities and components of the Vyveva malware as well as the history and recent activities of the Lazarus hacking group.

CISO MAG reports "Cybercrime Group Lazarus Upgrades its Arsenal with Vyveva Malware"

Submitted by Anonymous on