The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed.

The elaborate and ongoing cyberespionage campaign used emails with COVID-19 themes paired with publicly available personal information of targets to lure them into taking the malware bait, according to Kaspersky, which first observed the activity in mid-2020.

Kaspersky researchers Vyacheslav Kopeytsev and Seongsu Park, in a blog post published Thursday, said they identified organizations in more than a dozen countries that were affected in the attacks. They said adversaries were successful at stealing data and transmitting it to remote servers under Lazarus’ control.

The researchers said they have been tracking ThreatNeedle, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped), for about two years and have linked it exclusively to the Lazarus APT.

“We named Lazarus the most active group of 2020,” with the “notorious APT targeting various industries” depending on their objective, according to Kaspersky.

While previously the group seemed to focus mainly on efforts to secure funding for the regime of Kim Jong-un, its focus seems to have now shifted to cyberespionage, researchers observed. This is evidenced not only by the campaign against defense companies but also by other recent attacks, such as incidents revealed in December aimed at…
