Lazarus Targets Job-Seeking Engineers with Malicious Documents

The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for months Read More …

NukeSped Copies Fileless Code From Bundlore, Leaves It Unused

While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The backdoor has been attributed to the cybercriminal group Lazarus, which has Read More …

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report Read More …

North Korean hackers behind CryptoCore multi-million dollar heists

Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of Read More …

Vyveva: Lazarus hacking group’s latest weapon strikes South African freight

Researchers have discovered a new backdoor employed by the Lazarus hacking group in targeted attacks against the freight industry. On Thursday, ESET said the new backdoor malware, dubbed Vyveva, was traced in an attack against a South African freight and Read More …

Lazarus targets defense industry with ThreatNeedle

We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a Read More …

U.S. Accuses North Korean Hackers of Stealing Millions

The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that Read More …

Hacking group also used an IE zero-day against security researchers

An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security Read More …