New Lazarus backdoor.
Researchers at ESET describe "Vyveva," a previously undiscovered backdoor attributed to North Korea's Lazarus Group. The malware was discovered on two servers belonging to a South African freight logistics company and has been in use since 2018, although its delivery mechanism is still unknown.
The researchers explain, "The backdoor features capabilities for file exfiltration, timestomping, gathering information about the victim computer and its drives, and other common backdoor functionality such as running arbitrary code specified by the malware’s operators. This indicates that the intent of the operation is most likely espionage."
ESET attributes the backdoor to Lazarus "with high confidence," stating, "Vyveva shares multiple code similarities with older Lazarus samples that are detected by ESET products as the NukeSped malware family. However, the similarities do not end there: the use of fake TLS in network communication, command line execution chains, and the way of using encryption and Tor services all point towards Lazarus."
Myanmar shuts down Internet.
Myanmar's junta last Friday shut down Internet access across the entire country, WIRED reports. The Associated Press says the authorities are also confiscating satellite dishes used to access international news sources. Reuters notes that Internet access in the country has been sporadic ever since the military coup on February 1st, and it's not clear how long the shutdown will last.