• ESET Expert

Experts Reveal How ‘Lazarus’ Attacks Aerospace, Defense Contractors


ESET specialists presented an investigation into the Lazarus APT group and its attacks on defense contractors around the world between the end of 2021 and March 2022. For fake recruitment campaigns, the group used services like LinkedIn and WhatsApp. According to the US government, Lazarus is linked to the North Korean regime.


One of the intriguing sessions at the ESET World 2022 conference was the presentation of new research by ESET specialists with particular focus on the infamous Lazarus APT group.

Jean-Ian Boutin, ESET Threat Research Director, reviewed new campaigns perpetrated by the Lazarus group against defense contractors around the world between the end of 2021 and March 2022.


Lazarus targeted companies in Europe (France, Italy, Germany, the Netherlands, Poland, and Ukraine) and Latin America (Brazil) from 2021-2022, according to the ESET report. Although the main objective of this Lazarus operation is cyber espionage, the group also tried, without success, to extract money from its targets.

In Jean-Ian Boutin’s words: “The Lazarus threat group showed their ingenuity by implementing an interesting set of tools, including, for example, a user-mode component capable of exploiting a vulnerable Dell driver to write to kernel memory. This advanced hack was used in an attempt to bypass monitoring by security solutions.”

During 2020, ESET specialists had documented a campaign carried out by a Lazarus subgroup against European aerospace and defense contractors, which ESET called Operation In(ter)ception.

This campaign was notable in that it used social media, especially LinkedIn, to build trust between the attacker and an unsuspecting employee before sending them malicious components disguised as job descriptions or applications.

At that time, companies from Brazil, the Czech Republic, Qatar, Turkey and Ukraine had already been attacked.


The ESET research team believed that the action was primarily aimed at European companies, but while tracking various Lazarus subgroups conducting similar campaigns against defense contractors, they soon realized that the campaign went much further.

Although the types of malware used in the various campaigns were different, the initial modus operandi was always the same: a fake recruiter contacted an employee through LinkedIn and ultimately sent malicious components.


In this sense, the group continued with the same methodology as in the past. However, ESET documented the reuse of legitimate recruitment campaign elements to add legitimacy to their fake recruiters' campaigns. Furthermore, the attackers used services such as WhatsApp or Slack in their malicious campaigns.


In 2021, the US Department of Justice charged three IT programmers with carrying out cyberattacks while working for the North Korean military.


According to the US government, they belonged to the North Korean military hacker unit known in the information security community as the Lazarus Group.

Along with the new research on Lazarus, ESET presented its report on “Cyber warfare past and present in Ukraine” during the annual conference.


Also, Robert Lipovský, ESET researcher, took an in-depth look at cyber warfare during Russia's war against Ukraine, including the latest attempt to disrupt the country's power grid using Industroyer2 and various wiper attacks.


Commenting on this matter, the Managing Director of ESET West Africa (Anglophone), Mr. Olufemi Ake, stated: “The Lazarus group is a menacing Advanced Persistent Threat (APT) that must not be taken with levity. Its footprints in Africa are becoming more eminent and its tactics - more intelligent. It's high time that organizations and government bodies adhered strictly to security compliance policies, and trained employees on safe practices in the cyberspace.”



Alongside the ESET research team, Canadian astronaut Chris Hadfield, former Commander of the International Space Station and a key figure in ESET's Progress Protected campaign, joined ESET CEO Richard Marko to discuss the intricacies of technology, science and life.


For more than 30 years, ESET has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats.


From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption.