Lazarus Group, the North Korean threat actor, is rapidly evolving its tools and tactics as part of a campaign tracked as DeathNote.
Although the adversary is best known for consistently targeting the cryptocurrency industry, recent attacks have also hit the automotive, educational, and defense sectors in Eastern Europe and other regions worldwide, marking what is viewed as a “major” shift.
In a report released on Wednesday, April 12th, Kaspersky researcher Seongsu Park noted that the attacker had now changed all of its lure documents to descriptions of positions with defense contractors and diplomatic agencies.
The shift in targeting and the adoption of updated infection vectors are said to have taken place in April 2020. It is worth noting that the DeathNote cluster is also tracked as Operation Dream Job or NukeSped. In addition, Google-owned Mandiant has linked a portion of the activity to a group it tracks as UNC2970.
A bit more about the group’s attacks…
According to an October 2021 report by a Russian cybersecurity company, the Lazarus Group’s attacks on the defense sector are linked to its earlier strikes on the automotive and educational sectors. Those attacks used the BLINDINGCAN (also known as AIRDRY or ZetaNile) and COPPERHEDGE implants.
In an alternate attack chain, the threat actor began its malicious routine with a trojanized version of the widely used PDF reader SumatraPDF. The Lazarus Group’s use of malicious PDF reader software had previously been exposed by Microsoft.
Both a South Korean think tank and a Latvian vendor of IT asset monitoring solutions were targets of these attacks, with the latter involving the abuse of legitimate security software commonly used in that country to execute the payloads.
What do experts say?
According to Park, the Lazarus group is an experienced and well-known threat actor. Enterprises must remain vigilant and take proactive measures to defend against the Lazarus Group’s malicious operations as the group continues to refine its methods.