Security News > 2022 > September > North Korean cyberespionage actor Lazarus targets energy providers with new malware
Lazarus, also known as Hidden Cobra or Zinc, is a known nation-state cyberespionage threat actor originating from North Korea, according to the U.S. government.
Lazarus could use only VSingle, VSingle and MagicRAT, or a new malware dubbed YamaBot.
Lazarus is a state-sponsored cyberespionage threat actor that has the capability to develop and distribute its own malware families.
In some Lazarus group attacks, MagicRAT has deployed the VSingle malware.
During one particular attack, Lazarus group deployed YamaBot after several attempts to deploy the VSingle malware.
While Talos does not disclose much about the actual targets of this attack campaign, the researchers mention that "Lazarus was primarily targeting energy companies in Canada, the U.S. and Japan. The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean government objectives. This activity aligns with historical Lazarus intrusions targeting critical infrastructure and energy companies to establish long-term access to siphon off proprietary intellectual property."
News URL
https://www.techrepublic.com/article/lazarus-targets-energy-providers/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)