Security News > 2020 > November > Lazarus Group Targets South Korea via Supply Chain Attack
The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday.
Lazarus is the most well known hacker group that is believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.
Unsurprisingly, many of the group's operations are aimed at South Korea, including an interesting attack that was observed in recent months by ESET. The campaign, believed to be part of an operation dubbed BookCodes by the Korea Internet & Security Agency, has been linked to Lazarus based on various aspects, including the malware used in the attacks, victimology, and the infrastructure leveraged by the attackers.
For the attack to work, the hackers needed to sign their malware and in some cases they achieved this by abusing code-signing certificates issued to companies that provide physical and cyber security solutions.
ESET noted that for the attack to succeed, the targeted web server needs to be configured in a certain way, which is why its experts say this malware delivery method has only been used in limited Lazarus operations.
News URL
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)