Security News > 2021 > October > North Korean state hackers start targeting the IT supply chain

North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities.

Lazarus used a new variant of the BLINDINGCAN backdoor to target a South Korean think tank in June after deploying it to breach a Latvian IT vendor in May. "In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload," the researchers said.

The same RAT was also deployed by Lazarus when targeting cryptocurrency exchanges and related entities in the past.

More recently, Google spotted Lazarus in January while targeting security researchers in social engineering attacks using elaborate fake "Security researcher" social media personas and in a similar campaign in March.

In June, Kaspersky researchers also saw Lazarus deploying their MATA malware framework that in cyber-espionage campaigns.

"These recent developments highlight two things: Lazarus remains interested in the defense industry and is also looking to expand its capabilities with supply chain attacks," said Ariel Jungheit, a senior security researcher at Kaspersky.

News URL

https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/