Lazarus (a.k.a. Hidden Cobra, Guardians of Peace, APT38, Whois Team, Zinc)

A group associated with North Korea, Lazarus is known for perhaps the biggest cyber heist of all time: the attack on the Bangladesh Bank in February 2016, in which $101 million was fraudulently transferred over SWIFT and $81 million was never recovered.

Lazarus has been behind numerous operations in the past decade, starting with DDoS attacks against South Korean websites, then moving on to targeting financial organizations and infrastructure in that country, continuing with the attack on Sony Pictures in 2014 and the launch of the WannaCry ransomware in 2017.

In recent years, Lazarus started looking into ransomware and cryptocurrency, and it also targeted security researchers to gain information about ongoing vulnerability research.

This group has "unlimited resources and very good social engineering skills," Dmitry Galov, security researcher at Kaspersky, says. These social engineering skills were put to work during the ongoing COVID-19 health crisis, when pharmaceutical companies, including vaccine makers, became some of Lazarus's most urgent targets. According to Microsoft, the hackers sent spear-phishing emails that included "fabricated job descriptions," luring their targets into clicking on malicious links.

"This group differs from others because while it is a state-sponsored group, their targets are not state governments, but businesses and sometimes individuals who may have information or access that North Korean spies might want to get their hands on," Adam Kujawa, director of Malwarebytes Labs, says.

Lazarus uses a variety of custom malware families, including backdoors, tunnelers, data miners, and destructive malware, sometimes developed in-house. It spares no effort in its relentless campaigns. "APT38 is unique in that they are not afraid to aggressively destroy evidence or victim networks as part of their operations," according to Mandiant Threat Intelligence (FireEye), which tracks the financially motivated arm of this activity under the separate name APT38.

UNC2452 (a.k.a. Dark Halo, Nobelium, SilverFish, StellarParticle)

In 2020, thousands of organizations downloaded a trojanized software update for the SolarWinds Orion platform, giving the attacker a point of entry into their systems. "This group is careful, calculated, and has demonstrated a desire to maintain access to victim environments for as long as necessary to understand the network layout, required permissions, and system technologies to achieve its goals."