North Korean hackers target defense industry with custom malware (Security News, February 2021)
A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.
ThreatNeedle let the Lazarus hackers move laterally through the defense organizations' networks and harvest sensitive information, which was exfiltrated to attacker-controlled servers using a custom tunneling tool that established SSH tunnels to remote compromised South Korean servers.
Throughout their attacks, the hackers were also seen stealing documents and data from both office IT networks and restricted networks.
While the Lazarus Group has been known mainly for targeting financial institutions worldwide, it shifted its focus to "aggressively attacking" defense industry organizations when this campaign began in early 2020.
The Lazarus hackers repurposed their ThreatNeedle malware for stealing sensitive information as part of targeted espionage attacks.
The Lazarus hackers are also tracked as HIDDEN COBRA by the United States Intelligence Community.