Security News > 2021 > February > North Korean hackers target defense industry with custom malware

A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.
ThreatNeedle helped the Lazarus hackers to move laterally throughout the defense orgs' networks and harvest sensitive info that got exfiltrated to attacker-controlled servers using a custom tunneling tool via SSH tunnels to remote compromised South Korean servers.
Throughout their attacks, the hackers were also seen stealing documents and data from both office IT networks and from restricted networks.
While the Lazarus Group has been known for focusing its efforts mainly on targeting worldwide financial institutions, starting with early 2020 when this campaign began, they switched their focus on "Aggressively attacking" defense industry organizations.
The Lazarus hackers repurposed their ThreatNeedle malware for stealing sensitive information as part of targeted espionage attacks.
The Lazarus hackers are also tracked as HIDDEN COBRA by the United States Intelligence Community).
News URL
Related news
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)