North Korean hackers target defense industry with custom malware
A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.
ThreatNeedle helped the Lazarus hackers move laterally through the defense organizations' networks and harvest sensitive information, which was exfiltrated to attacker-controlled servers over SSH tunnels, set up by a custom tunneling tool, to compromised servers in South Korea.
Throughout their attacks, the hackers were also seen stealing documents and data from both office IT networks and from restricted networks.
While the Lazarus Group has been known for focusing its efforts mainly on financial institutions worldwide, starting in early 2020, when this campaign began, it switched its focus to "aggressively attacking" defense industry organizations.
The Lazarus hackers repurposed their ThreatNeedle malware for stealing sensitive information as part of targeted espionage attacks.
The Lazarus hackers are also tracked as HIDDEN COBRA by the United States Intelligence Community.
Related news
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
- Hackers use PHP exploit to backdoor Windows systems with new malware
- New macOS Malware TodoSwift Linked to North Korean Hacking Groups
- North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
- New Tickler malware used to backdoor US govt, defense orgs
- South Korean hackers exploited WPS Office zero-day to deploy malware