
Lazarus Group Targets Nuclear Industry with CookiePlus Malware

Threat Actors
• Lazarus Group (linked to the North Korean government)

Campaign Overview
• Targeting the nuclear industry with advanced malware
• Fake job postings as part of "Operation DreamJob"

Target Regions/Victims
• Nuclear industry employees
• Previously targeted defense, aerospace, and cryptocurrency sectors

Methodology
• Fake job postings to distribute malicious files disguised as job assessments
• Lateral movement and data exfiltration

Products Targeted
• Systems within nuclear-related organizations
• macOS, Google Chrome, cryptocurrency environments (previous targets)

Malware Referenced
• CookiePlus
• RustyAttr
• Ranid Downloader
• MISTPEN
• RollMid
• LPEClient
• Charamel Loader
• ServiceChanger

Tools Used
• XOR encryption
• Ranid Downloader
• Modular malware plugins (e.g., CookiePlus)

Vulnerabilities Exploited
• Google Chrome zero-day
• macOS extended attributes (via RustyAttr malware)

TTPs
• Spear phishing
• Memory-based malware
• Modular payload delivery
• Exploitation of zero-day vulnerabilities

Attribution
• Kaspersky's Securelist attributes the campaign to Lazarus Group

Recommendations
• Enhance email security
• Apply patches for known vulnerabilities
• Monitor for lateral movement
• Train employees on phishing risks

Source
• Hackread

Read full article: https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/

The above summary has been generated by an AI language model

Source: Hackread

Published on: December 24, 2024
