poltbrilliant.blogg.se

Lazarus group

Nation-state threat actors are cyber threat groups operating in states’ interests. They sabotage, engage in espionage, and steal sensitive information to supply strategic and economic intelligence to their home countries for political or national security reasons. While financial gain is among their motivations, it is not usually at the top of the list. Unlike the majority of other nation-state threat actors, the Lazarus group is an Advanced Persistent Threat (APT) actor that prioritizes financial gain alongside political objectives.

The Lazarus group is known by many names, including Hidden Cobra, Zinc, APT-C-26, Guardians of Peace, Group 77, Who Is Hacking Team, Stardust Chollima, and Nickel Academy. It is attributed to the Reconnaissance General Bureau (RGB) of the Democratic People’s Republic of Korea (DPRK). A joint technical alert (TA17-164A), based on analysis by the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS), identified Hidden Cobra as a “North Korean state-sponsored malicious cyber organization.”

[Figure: SOCRadar XTI Platform, Threat Actor/Malware Module]

The Lazarus group was first identified and named in the “Operation Blockbuster” report (2016), published by a consortium of security firms led by Novetta to investigate the 2014 attack on Sony Pictures Entertainment. During that investigation, various malware families were found to be related to the malware used in the Sony Pictures attack. By tracking this malware and the attackers’ modus operandi, researchers traced the group’s activities back as far as 2009 (possibly 2007). Because North Korean threat actors tend to share infrastructure, code, and resources, defining the Lazarus group’s boundaries is challenging. Uncertainties remain over its composition because of clusters such as “Bluenoroff” and “Andariel,” which are classified as sub-groups; “TEMP.Hermit,” with which it shares code; and “Kimsuky,” with whose operations it overlaps. The Lazarus group’s activities are aligned with North Korea’s political interests.

The Lazarus group has a broader range of operations than other nation-state threat actors. Its primary objectives include information theft, money extortion, espionage, sabotage, and disruption. In addition to bank robberies, cryptocurrency theft, and ransomware attacks for financial gain, it carries out attacks against precisely selected targets in areas where it can obtain strategically important intelligence, such as energy, aviation, and defense. Targeted sectors include Justice, Public Order, and Safety Activities; National Security and International Affairs; Computer and Electronic Product Manufacturing; Commodity Contracts Intermediation (Cryptocurrency & NFT Market); and Publishing Industries (except Internet). It also targets journalists, human rights organizations, North Korean defectors, and any group that might criticize the DPRK.

[Figure: Targeted Countries by Lazarus APT Group (Source: SOCRadar)]

Other countries among its targets are Afghanistan, Australia, Austria, Bangladesh, Belgium, Brazil, Canada, China, France, Germany, Guatemala, Hong Kong, India, Italy, Japan, Mexico, the Netherlands, New Zealand, Poland, the Russian Federation, Saudi Arabia, Spain, Switzerland, Thailand, Türkiye and the United Kingdom.

The Lazarus group has evolved its strategy over time since its first attacks, which consisted of DDoS operations against organizations in various industries. Its attacks have become more destructive due to an ever-evolving arsenal of malware and TTPs. The attack pattern varies from campaign to campaign, although the attacks generally follow similar steps. The group plans sophisticated, focused attacks against potential victims: it determines potential targets and gathers information about their infrastructure, security posture, and employees; it observes the targets’ activities to find the best time to attack; and it uses various techniques, including spear phishing, supply-chain attacks, watering-hole attacks, and zero-day vulnerability exploitation.