
Lazarus Targets Defense Companies with ThreatNeedle Malware
2021-02-26 19:56

The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed.

The elaborate and ongoing cyberespionage campaign used emails with COVID-19 themes paired with publicly available personal information of targets to lure them into taking the malware bait, according to Kaspersky, which first observed the activity in mid-2020.

The researchers said they have been tracking ThreatNeedle, an advanced malware belonging to the Manuscrypt cluster, for about two years and have linked it exclusively to the Lazarus APT. "We named Lazarus the most active group of 2020," Kaspersky said, describing it as a notorious APT that targets various industries depending on its objective.

This is evidenced not only by the campaign against defense companies but also by other recent attacks, such as incidents revealed in December aimed at stealing COVID-19 vaccine information and the previously reported attacks on security researchers.

To make the emails appear authentic, the attackers registered accounts with a public email service so that the sender addresses looked similar to the medical center's real email address, and used personal data of the deputy head doctor of the targeted organization's medical center in the email signature.

The attackers eventually succeeded on June 3, when employees opened one of the malicious documents, giving the attackers remote control of the infected system, researchers said.

News URL

https://threatpost.com/lazarus-targets-defense-threatneedle-malware/164321/