Security News > 2021 > March > North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
The next-stage malware functions by embedding its malicious capabilities inside a Windows backdoor that offers features for initial reconnaissance and deploying malware for lateral movement and data exfiltration.
Kaspersky found overlaps between ThreatNeedle and another malware family called Manuscrypt that has been used by Lazarus Group in previous hacking campaigns against the cryptocurrency and mobile games industries, besides uncovering connections with other Lazarus clusters such as AppleJeus, DeathNote, and Bookcode.
Interestingly, Manuscrypt was also deployed in a Lazarus Group operation last month, which involved targeting the cybersecurity community with opportunities to collaborate on vulnerability research, only to infect victims with malware that could cause the theft of exploits developed by the researchers for possibly undisclosed vulnerabilities, thereby using them to stage further attacks on vulnerable targets of their choice.
Earlier this month, three North Korean hackers associated with the military intelligence division of North Korea were indicted by the U.S. Justice Department for allegedly taking part in a criminal conspiracy that attempted to extort $1.3 billion in cryptocurrency and cash from banks and other organizations around the world.
"While Lazarus has also previously utilized the ThreatNeedle malware used in this attack when targeting cryptocurrency businesses, it is currently being actively used in cyberespionage attacks."
News URL
Related news
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)