The North Korean-backed Lazarus hacking group used new malware dubbed Vyveva in targeted attacks against a South African freight logistics company. The malware comes with an extensive set of cyber-espionage capabilities that allow its operators to harvest files from infected systems and exfiltrate them to servers under their control, using the Tor anonymity network as a secure communication channel. The backdoor also supports timestomping commands, which allow its operators to manipulate any file’s date using metadata from other files in order to hide new or modified files.
Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-vyveva-malware-to-attack-freighters/
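
Timestomping that copies dates from another file, as described above, leaves two files with the same modification time down to the sub-second digits, which a defender can search for. The sketch below is an added example, not code from the article or from any analysis of Vyveva; the function names and the sub-second heuristic are assumptions, and a match is a lead to review, not proof of tampering.

```python
import os
import stat
import sys
from collections import defaultdict


def file_times(root):
    """Yield (path, mtime_ns) for every regular file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_mtime_ns


def shared_timestamps(root, min_group=2):
    """Return {mtime_ns: [paths]} for files whose modification time is
    identical including the sub-second part.

    Assumption: the filesystem stores sub-second timestamps. Whole-second
    values are ignored because archive extraction and coarse-grained
    filesystems produce them legitimately and in bulk.
    """
    groups = defaultdict(list)
    for path, mtime_ns in file_times(root):
        if mtime_ns % 1_000_000_000:  # keep only sub-second timestamps
            groups[mtime_ns].append(path)
    return {t: sorted(p) for t, p in groups.items() if len(p) >= min_group}


if __name__ == "__main__":
    # Directory to scan is the first argument (current directory if absent).
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for mtime_ns, paths in sorted(shared_timestamps(target).items()):
        print(mtime_ns, *paths, sep="\n  ")
```

Copy tools and backups that preserve timestamps also produce matches, so results are best compared against other evidence such as filesystem journals or endpoint telemetry.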

