Lazarus

Pierluigi Paganini February 29, 2024
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver.  The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February […]

Pierluigi Paganini November 25, 2023
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked Lazarus hacking group is exploiting a zero-day vulnerability in the MagicLine4NX software to carry out […]

Pierluigi Paganini August 24, 2023
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities […]

Pierluigi Paganini August 23, 2023
FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million. The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat actors. The wallets hold roughly 1,580 Bitcoin (roughly $41 million at the current rate) that […]

Pierluigi Paganini August 07, 2023
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military […]

Pierluigi Paganini May 25, 2023
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading […]

Pierluigi Paganini May 24, 2023
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of […]

Pierluigi Paganini April 20, 2023
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]

Pierluigi Paganini April 04, 2023
3CX Supply chain attack allowed targeting cryptocurrency companies

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]

Pierluigi Paganini November 16, 2022
Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. DTrack is a modular backdoor used by the […]