CySecurity News – Latest Information Security and Hacking Incidents
According to experts at a cyber security agency, Lazarus, a notable hacking organization with ties to the North Korean government, has been utilizing the Windows Update client to spread malware as part of a new spear-phishing effort.
The North Korean nation-state hacking outfit known as the Lazarus Group, formerly as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, has been operating since at least 2009. The threat actor was tied to a sophisticated social engineering campaign aimed at security experts last year.
The two macro-embedded messages seem to be enticing the targets about new Lockheed Martin job opportunities:
- Lockheed Martin JobOpportunities.docx
- Salary Lockheed Martin job opportunities confidential.doc
Both of these documents were created on April 24, 2020, but enough evidence leads us to believe it was leveraged in a campaign between late December 2021 and early 2022. The threat actor’s domains are one of the pieces of evidence that this attack took place recently. The attack begins with the malicious macros hidden in the Word document being executed.
The malware executes a series of implants in order to gain startup persistence on the target computer and inserts code into the computer’s restart system to ensure a restart does not knock down the virus.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: