North Korean state hackers start targeting the IT supply chain (October 2021)
The North Korean-sponsored Lazarus hacking group has shifted its focus to new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities.
Lazarus used a new variant of the BLINDINGCAN backdoor to target a South Korean think tank in June after deploying it to breach a Latvian IT vendor in May. "In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload," the researchers said.
The same RAT was also deployed by Lazarus when targeting cryptocurrency exchanges and related entities in the past.
More recently, Google spotted Lazarus targeting security researchers in January in social engineering attacks that used elaborate fake "Security researcher" social media personas, and again in a similar campaign in March.
In June, Kaspersky researchers also saw Lazarus deploying their MATA malware framework in cyber-espionage campaigns.
"These recent developments highlight two things: Lazarus remains interested in the defense industry and is also looking to expand its capabilities with supply chain attacks," said Ariel Jungheit, a senior security researcher at Kaspersky.