They were able to link the malware and the attackers’ modus operandi to a cyberespionage campaign known as “Operation Troy” in 2009, in which threat actors posing as hacktivists launched DDoS and data-destruction attacks on major South Korean banks, media outlets, and other entities to cover the theft of South Korean and US military secrets. During the investigation the researchers discovered over 40 different malware families. The Lazarus group was first identified in Novetta’s 2016 report detailing “Operation Blockbuster”, an investigation into the 2014 Sony hack conducted in collaboration with Kaspersky Lab, AlienVault, Symantec, Invincea, ThreatConnect, Volexity, and PunchCyber. The earliest attack that can plausibly be attributed to this group is “Operation Flame”, a large-scale DDoS attack on the South Korean government’s website in 2007. Originally a cybercrime collective, Lazarus has become a formidable cyber-adversary over time due to its constantly evolving TTPs (tactics, techniques, and procedures) and malware arsenal. The group is believed to have ties with the North Korean government’s Reconnaissance General Bureau. Lazarus Group is also known as Guardians of Peace, Whois Team, and Hidden Cobra, although it should be noted that US intelligence agencies use the moniker Hidden Cobra to refer to malicious cyber activity by the North Korean government in general. Active since at least 2009 (and potentially as early as 2007), the group is thought to be behind many high-profile cyberattacks between 20, including the $81 million heist from Bangladesh’s central bank, the 2014 destructive wiper attack on Sony Pictures Entertainment, the 2017 WannaCry ransomware outbreak, a long-running campaign against South Korean organizations, and more. Lazarus Group is, perhaps, the best-known APT group linked to North Korea.
When conducting their operations, North Korean state-backed hackers leverage a wide array of sophisticated techniques, including the exploitation of zero-day vulnerabilities, the use of custom malware tools, destructive malware and ransomware, and clever evasion and persistence mechanisms in order to fly under the radar. North Korea-linked advanced persistent threat (APT) groups are considered to be among the world’s most advanced threat actors, on par with Russian, Chinese, or Iranian APTs.