North Korea's Lazarus Group Targets Defense Contractors
Posted by: Timothy Weaver on 08/14/2017 11:05 AM
Lazarus, the North Korea-linked cyber espionage group, has been suspected of launching cyber-attacks against U.S. citizens linked to defense contractors.
Researchers have found that the group is sending phishing emails that are loaded with weaponized Microsoft Office documents that use macros to deliver a piece of malware.
To make the campaign appear legitimate, the emails are exact duplicates of job descriptions available on the legitimate company’s website.
“This reuse of macro source code, XOR keys used within the macro to decode implant payloads, and the functional overlap in the payloads the macros write to disk demonstrates the continued use of this tool set by this threat group. The use of an automated tool to build the weaponized documents would explain the common but not consistent reuse of metadata, payloads, and XOR keys within the documents,” researchers explained.
According to Palo Alto Networks, the tactics and tools are similar to other campaigns used by the group. Lazarus is also suspected of being responsible for campaigns against financial institutions including the attack against Bangladesh’s central bank and banks in Poland.
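The overlap signals the researchers describe (shared macro source, shared XOR keys used to decode the dropped payload, and shared payloads written to disk) are exactly what an analyst would fingerprint when triaging a batch of suspicious documents. The following is an added example, not code from the article or from Palo Alto Networks: it recovers a single-byte XOR key from an encoded blob by assuming the decoded payload is a PE image (the article does not state the key length, so the single-byte assumption is this example's own), normalizes the macro text so cosmetic edits hash alike, and then clusters documents that share any one of the three signals, which matches the "common but not consistent" reuse the quote describes. All macro text and payload bytes below are constructed for the demonstration.

```python
import hashlib
import re
from itertools import cycle
from typing import Optional

# Constructed stand-in for a PE image: only the header bytes an analyst keys on.
FAKE_PE = (b"MZ\x90\x00" + b"\x00" * 60
           + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 32)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; decoding is the same operation as encoding."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_single_byte_key(blob: bytes) -> Optional[int]:
    """Known-plaintext recovery: a PE image starts with 'MZ', so the first blob byte
    implies the key. Assumes a single-byte key (an assumption of this example)."""
    if len(blob) < 2:
        return None
    key = blob[0] ^ 0x4D  # 0x4D is 'M'
    decoded = xor_bytes(blob, bytes([key]))
    if decoded.startswith(b"MZ") and b"This program cannot be run in DOS mode" in decoded:
        return key
    return None


def normalize_macro(source: str) -> bytes:
    """Drop VBA comments and whitespace and lowercase, so renamed/reindented copies
    of the same macro hash alike. Naive: a quote inside a string literal is cut too."""
    lines = []
    for line in source.splitlines():
        line = line.split("'", 1)[0]
        line = re.sub(r"\s+", "", line).lower()
        if line:
            lines.append(line)
    return "\n".join(lines).encode()


def fingerprint(name: str, macro_source: str, encoded_payload: bytes) -> dict:
    """Compute the three overlap signals for one document."""
    key = recover_single_byte_key(encoded_payload)
    payload = xor_bytes(encoded_payload, bytes([key])) if key is not None else encoded_payload
    return {
        "name": name,
        "macro": hashlib.sha256(normalize_macro(macro_source)).hexdigest(),
        "xor_key": key,
        "payload": hashlib.sha256(payload).hexdigest(),
    }


def cluster(fingerprints: list) -> list:
    """Union-find over shared signals: two documents land in the same cluster when they
    share any one of macro hash, XOR key or payload hash, transitively."""
    parent = {fp["name"]: fp["name"] for fp in fingerprints}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = {}  # (signal, value) -> first document that showed it
    for fp in fingerprints:
        for signal in ("macro", "xor_key", "payload"):
            value = fp[signal]
            if value is None:
                continue
            if (signal, value) in seen:
                parent[find(fp["name"])] = find(seen[(signal, value)])
            else:
                seen[(signal, value)] = fp["name"]

    groups = {}
    for name in parent:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


# Constructed sample documents: A and B share macro and key, B and C share a payload,
# D shares nothing, so the expected clustering is [A, B, C] and [D].
MACRO_A = "Sub AutoOpen()\n    k = 90 ' decode key\n    Call Drop(k)\nEnd Sub\n"
MACRO_B = "Sub AutoOpen()\nk=90\nCall Drop(k)\nEnd Sub\n"
MACRO_C = "Sub Document_Open()\n    k = 51\n    Call Write(k)\nEnd Sub\n"
MACRO_D = "Sub Workbook_Open()\n    Call Stage()\nEnd Sub\n"
SAMPLES = [
    fingerprint("A", MACRO_A, xor_bytes(FAKE_PE, b"\x5a")),
    fingerprint("B", MACRO_B, xor_bytes(FAKE_PE + b"\x01", b"\x5a")),
    fingerprint("C", MACRO_C, xor_bytes(FAKE_PE + b"\x01", b"\x33")),
    fingerprint("D", MACRO_D, xor_bytes(FAKE_PE + b"\x02", b"\x77")),
]

if __name__ == "__main__":
    for fp in SAMPLES:
        print(fp["name"], hex(fp["xor_key"]), fp["payload"][:12])
    print(cluster(SAMPLES))
```

Clustering on any shared signal rather than requiring all three is the point: a builder that rotates keys or payloads between documents still leaves one of the three constant often enough to link the batch.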
Source: Security Week