The Cyber Security News

Lazarus Group’s DeathNote Campaign Reveals Shift in Targets

April 12, 2023

The North Korean threat actor known as Lazarus Group has been observed switching targets and refining its techniques as part of a campaign dubbed “DeathNote” by Kaspersky.

Describing the findings in an advisory published earlier today, Kaspersky senior security researcher Seongsu Park said the team has been tracking the campaign, also known as Operation DreamJob or NukeSped, since 2019.

“The malware author used decoy documents that were related to the cryptocurrency business, such as a questionnaire about buying specific cryptocurrency, an introduction to a specific cryptocurrency, and an introduction to a bitcoin mining company,” Park explained.

However, Kaspersky uncovered a significant change in the attack’s targets as well as updated infection vectors in April 2020.

“Our analysis showed that the DeathNote cluster was used to target the automotive and academic sectors in Eastern Europe, both of which are connected to the defense industry,” reads the advisory. “At this point, the actor switched all the decoy documents to job descriptions related to defense contractors and diplomatic services.”

The infection chain was also refined, relying not only on the remote template injection technique in weaponized documents but also on trojanized open-source PDF viewer software.

In May 2021, the DeathNote campaign then began targeting an IT company in Europe that provided solutions for monitoring network devices and servers, as well as various targets in South Korea.

“One thing that caught our attention was that the initial stage of the malware was executed by legitimate security software that is widely used in South Korea,” Park explained. “Almost one year later, in March 2022, we discovered that the same security program had been exploited to propagate similar downloader malware to several victims in South Korea.”

Read more on similar attacks here: Lazarus Group Targets South Korean Finance Company Via Zero-Day Flaw

Around the same time, Kaspersky also discovered the same backdoor was used to compromise a defense contractor in Latin America.

“In July 2022, we noticed that the Lazarus group had successfully breached a defense contractor in Africa,” Park added. “This attack heavily relied on the same DLL side-loading technique that we observed in the previous case. The payload that was initially implanted and executed by the PDF reader was responsible for collecting and reporting the victim’s information.”

Thanks to the investigation into the DeathNote campaign, Kaspersky said it obtained comprehensive information regarding the Lazarus Group’s post-exploitation strategy.

“Our analysis of the DeathNote cluster reveals a rapid evolution in its tactics, techniques and procedures over the years,” concluded Park. “By staying informed and implementing strong security measures, organizations can reduce the risk of falling victim to this dangerous adversary.”

The Kaspersky advisory comes a couple of months after security researchers at WithSecure reported observing an “operational security mistake” by the Lazarus Group during an attack on targeted research, healthcare and energy sector organizations.


Some pieces of this article are sourced from:
www.infosecurity-journal.com
