Malware Attack on South Korean Entities Was Work of Andariel Group
Security News, June 2021

A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to Andariel, a North Korean state-sponsored hacking group, once again showing that the Lazarus-affiliated attackers keep pace with current trends and continuously develop their arsenal.
Regarded as part of the Lazarus constellation, Andariel is known for attacks on South Korean organizations and businesses that use methods specifically tailored for maximum effectiveness.
It's worth noting that Andariel has a track record of attempting to steal bank card information by hacking into ATMs to withdraw cash or sell customer information on the black market.
Kaspersky's attribution to Andariel rests on code overlaps in an XOR-based decryption routine, which the group has used since at least 2018, and on the post-exploitation commands executed on victim machines.
"The Andariel group has continued to focus on targets in South Korea, but their tools and techniques have evolved considerably," said Seongsu Park, a security researcher at Kaspersky.
"The Andariel group intended to spread ransomware through this attack and, by doing so, they have underlined their place as a financially motivated state-sponsored actor."