The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed. The elaborate and ongoing cyberespionage campaign used emails with COVID-19 themes paired with publicly available personal information of targets to lure them into taking the malware bait, according to Kaspersky, which first observed the activity in mid-2020. Kaspersky researchers Vyacheslav Kopeytsev and Seongsu Park, in a blog post published Thursday said they identified organizations in more than a dozen countries that were affected in the attacks. They said adversaries were successful at stealing data and transmitting it to remote servers under Lazazrus’ control, they said. The researchers said they have been tracking ThreatNeedle, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped), for about two years and have linked it exclusively to the Lazarus APT. “We named Lazarus the most active group of 2020,” with the “notorious APT targeting various industries” depending on their objective, according to Kaspersky. While previously the group seemed to focus mainly on efforts to secure funding for the regime of Kim Jong-un, its focus has seem to have now shifted to cyberespionage, researchers observed. This is not only evidenced by the campaign against defense companies but also other recent attacks, such as incidents revealed in December aimed at…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-02-26 14:56:002021-02-26 14:56:00Lazarus Targets Defense Companies with ThreatNeedle Malware
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com