Lazarus APT group examined
ZDNet reports that the North Korean state-sponsored hacking group Lazarus has not only been engaging in social engineering attacks on LinkedIn but also targeting U.S. defense contractors through WhatsApp and deploying the malicious LCPDot downloader.
In a recent campaign, Lazarus impersonated Lockheed Martin employees on LinkedIn to lure targets into downloading documents from a website spoofing a government and defense recruitment site, an NCC Group report revealed.
"In order to subvert security controls in the recent changes made by Microsoft for Office macros, the website hosted a ZIP file which contained the malicious document," said NCC Group.
Meanwhile, an LCPDot downloader variant examined by researchers was found to receive and decrypt payloads once a compromised host is registered with a command-and-control server.
The findings come after the $600 million Axie Infinity hack in March was attributed to Lazarus. Google also reported in March a widespread Lazarus campaign targeted at the media and tech industries.