Lazarus Group’s DeathNote Campaign Reveals Shift in Targets

April 12, 2023

The North Korean threat actor known as Lazarus Group has been observed switching targets and refining its techniques as part of a campaign dubbed “DeathNote” by Kaspersky.

Describing the findings in an advisory published earlier today, Kaspersky’s senior security researcher Seongsu Park said the team has been tracking the campaign, also known as Operation DreamJob or NukeSped, since 2019.

“The malware author employed decoy documents that were related to the cryptocurrency enterprise, such as a questionnaire about obtaining certain cryptocurrency, an introduction to a particular cryptocurrency, and an introduction to a bitcoin mining firm,” Park explained.

However, Kaspersky uncovered a significant shift in the attack’s targets as well as updated infection vectors in April 2020.

“Our analysis showed that the DeathNote cluster was used to target the automotive and academic sectors in Eastern Europe, both of which are related to the defense industry,” reads the advisory. “At this point, the actor switched all the decoy files to job descriptions related to defense contractors and diplomatic services.”

The infection chain was also refined, relying not only on the remote template injection technique in weaponized documents but also on trojanized open-source PDF viewer software.

In May 2021, the DeathNote campaign then began targeting an IT company in Europe that provided solutions for monitoring network devices and servers, as well as various targets in South Korea.

“One thing that caught our attention was that the initial stage of the malware was executed by legitimate security software that is widely used in South Korea,” Park explained. “Almost one year later, in March 2022, we discovered that the same security program had been exploited to propagate similar downloader malware to several victims in South Korea.”

Read more on similar attacks here: Lazarus Group Targets South Korean Finance Company Via Zero-Day Flaw

Around the same time, Kaspersky also discovered that the same backdoor was used to compromise a defense contractor in Latin America.

“In July 2022, we observed that the Lazarus group had successfully breached a defense contractor in Africa,” Park added. “This attack heavily relied on the same DLL side-loading technique that we observed in the previous case. The payload that was initially implanted and executed by the PDF reader was responsible for collecting and reporting the victim’s information.”

Thanks to the investigation into the DeathNote campaign, Kaspersky said it obtained extensive information regarding the Lazarus Group’s post-exploitation strategy.

“Our analysis of the DeathNote cluster reveals a rapid evolution in its tactics, techniques and procedures over the years,” concluded Park. “By staying informed and implementing strong security measures, organizations can reduce the risk of falling victim to this dangerous adversary.”

The Kaspersky advisory comes a couple of months after security researchers at WithSecure reported observing an “operational security mistake” by the Lazarus Group during an attack on targeted research, healthcare and energy sector organizations.


Some parts of this article are sourced from:
www.infosecurity-journal.com
