
The Cybersecurity Defenders Podcast

#110 - Intel Chat: Lazarus Group, tunnelling with QEMU, ScreenConnect & CISA breach

35 min • 15 March 2024

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

  • North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and disable security tools, which let them avoid the noisier Bring Your Own Vulnerable Driver (BYOVD) technique.
  • Researchers observed threat actors running Angry IP Scanner, then some Mimikatz functions, and then, unusually, the open-source QEMU hardware emulator and virtualizer, used to tunnel into the compromised network.
  • Threat actors have been observed installing remote monitoring and management (RMM) tools such as ScreenConnect to maintain persistence within a compromised organization.
  • Hackers breached some of CISA's systems in February through known vulnerabilities in Ivanti products.
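As an added example, not part of the episode or of LimaCharlie's material: a small Python correlation that flags the tool sequence from the second bullet (IP scanner, then credential dumping, then QEMU) when all three stages appear on one host inside a time window. The process image names, command-line fragments and sample telemetry below are assumptions constructed for illustration; attackers routinely rename binaries, so a real rule should also key on hashes, signers or behaviour.

```python
"""Sequence detection for the tool chain described in the episode:
network scanner -> credential dumping -> QEMU launched on an endpoint."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    image: str      # process image file name
    cmdline: str


# Matchers for the three stages. Image names and command-line fragments are
# assumptions for illustration: attackers rename binaries, so in production
# pair this with hashes, signer checks or behavioural telemetry.
STAGES = (
    ("network-scan", lambda e: "ipscan" in e.image.lower()),
    ("credential-dump", lambda e: "mimikatz" in e.image.lower()
                                  or "sekurlsa::" in e.cmdline.lower()),
    ("qemu-launch", lambda e: e.image.lower().startswith("qemu-system")),
)


def find_tool_chains(events, window=timedelta(hours=2)):
    """Return [(host, [stage events])] for every host where all three stages
    occur in order, with the whole chain inside `window`."""
    by_host = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(e.host, []).append(e)

    hits = []
    for host, evs in by_host.items():
        chain = []
        for e in evs:
            # Chain went stale: start over from the first stage.
            if chain and e.ts - chain[0].ts > window:
                chain = []
            _, match = STAGES[len(chain)]
            if match(e):
                chain.append(e)
                if len(chain) == len(STAGES):
                    hits.append((host, chain))
                    chain = []
    return hits


def qemu_hosts(events):
    """Hosts where any QEMU binary ran; a weaker, standalone triage signal."""
    return sorted({e.host for e in events if STAGES[2][1](e)})


# Constructed sample telemetry (not real data).
_T = datetime.fromisoformat
SAMPLE_EVENTS = [
    ProcEvent(_T("2024-03-01T10:00:00"), "WS-12", "ipscan.exe", "ipscan.exe 10.0.0.0/24"),
    # Renamed Mimikatz binary: only the command line gives it away.
    ProcEvent(_T("2024-03-01T10:05:00"), "WS-12", "m.exe",
              'm.exe "privilege::debug" "sekurlsa::logonpasswords"'),
    ProcEvent(_T("2024-03-01T10:20:00"), "WS-12", "qemu-system-i386.exe",
              "qemu-system-i386.exe -m 80M -nographic"),
    # A developer running QEMU on its own should not trip the chain rule.
    ProcEvent(_T("2024-03-01T11:00:00"), "WS-07", "qemu-system-x86_64.exe",
              "qemu-system-x86_64.exe -m 2G"),
    # Scanner then QEMU five hours apart, no credential dumping: no chain.
    ProcEvent(_T("2024-03-01T09:00:00"), "WS-03", "ipscan.exe", "ipscan.exe"),
    ProcEvent(_T("2024-03-01T14:00:00"), "WS-03", "qemu-system-i386.exe",
              "qemu-system-i386.exe"),
]

if __name__ == "__main__":
    for host, chain in find_tool_chains(SAMPLE_EVENTS):
        print(host, "->", " > ".join(e.image for e in chain))
    print("QEMU seen on:", qemu_hosts(SAMPLE_EVENTS))
```

Only WS-12 produces a full chain; WS-07's lone QEMU launch and WS-03's stale scanner-then-QEMU pair surface only through the weaker `qemu_hosts` list, which is the right place to start triage when the host is not a known developer machine.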