| Category | Details |
|---|---|
| Threat Actors | • Lazarus Group • Andariel (North Korean state-backed groups) |
| Campaign Overview | • Targeted employees of a “nuclear-related” organization • Financial gain and espionage motivations |
| Target Regions/Victims | • Employees in sensitive industries, specifically nuclear-related organizations |
| Methodology | • Trojanized virtual network computing (VNC) utilities delivered to targets as supposed job assessment tests • Multi-stage infection chains |
| Product Targeted | • Domestic asset management software • Document centralization solutions |
| Malware Reference | • CookieTime • CookiePlus • SmallTiger |
| Tools Used | • Modular malware • Downloader, loader, and backdoor components |
| Vulnerabilities Exploited | • No specific vulnerabilities identified in the report; activity centers on sensitive industries and asset management solutions |
| TTPs | • Fake job postings • Spear phishing • Modular malware with evolving plugins |
| Attribution | • Lazarus Group and Andariel (linked to North Korean government) |
| Recommendations | • Employ robust endpoint protection • Regular security awareness training • Patch vulnerable systems • Monitor for lateral movement and unusual activity |
| Source | The Record |
Read full article: https://therecord.media/lazarus-group-new-tools-kaspersky
The above summary has been generated by an AI language model