North Korean hackers find another new target: The defense industry
Kaspersky security researchers have found evidence that the North Korean hacking collective known as Lazarus has added another target to its list of victims: the defense industry. Companies in more than a dozen countries have already been affected.
As previously reported by TechRepublic, Lazarus started off 2021 by targeting security researchers with offers of collaborating on malware research, only to infect victims with malware that could cause the theft of sensitive security-related data.
Point3 Security strategist Chloé Messdaghi said the targeting of security researchers appeared to be an attempt to gain a foothold with people who have government connections, but the reason Lazarus was targeting them is unknown.
This attack aimed at defense industry companies is just the latest pivot for Lazarus, which has been active and dangerous since at least 2009, Kaspersky said.
Interestingly enough, said Kaspersky senior security researcher Seongsu Park, ThreatNeedle uses the same backdoor that targeted security researchers in early 2021.
"Not only were they able to overcome network segmentation, but they did extensive research to create highly personalized and effective spearphishing emails and built custom tools to extract the stolen information to a remote server. With industries still dealing with remote work and, thus, still more vulnerable, it is important that organizations take extra security precautions to safeguard against these types of advanced attacks," said Kaspersky security expert Vyacheslav Kopeytsev.