| Category | Details |
|---|---|
| Threat Actors | • Lazarus Group (linked to the North Korean government) |
| Campaign Overview | • Targeting the nuclear industry with advanced malware • Fake job postings as part of “Operation DreamJob” |
| Target Regions/Victims | • Nuclear industry employees • Previously targeted the defense, aerospace, and cryptocurrency sectors |
| Methodology | • Fake job postings used to distribute malicious files disguised as job assessments • Lateral movement and data exfiltration |
| Product Targeted | • Systems within nuclear-related organizations • macOS, Google Chrome, and cryptocurrency environments (previous targets) |
| Malware Reference | • CookiePlus • RustyAttr • Ranid Downloader • MISTPEN • RollMid • LPEClient • Charamel Loader • ServiceChanger |
| Tools Used | • XOR encryption • Ranid Downloader • Modular malware plugins (e.g., CookiePlus) |
| Vulnerabilities Exploited | • Google Chrome zero-day • macOS extended attributes (abused by the RustyAttr malware) |
| TTPs | • Spear phishing • Memory-based malware • Modular payload delivery • Exploitation of zero-day vulnerabilities |
| Attribution | • Kaspersky’s Securelist attributes the campaign to the Lazarus Group |
| Recommendations | • Enhance email security • Apply patches for known vulnerabilities • Monitor for lateral movement • Train employees on phishing risks |
Source | Hackread |
Read full article: https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/
The above summary has been generated by an AI language model