Lazarus (also tracked as APT38), a state-sponsored North Korean hacking group, has reportedly targeted energy companies around the world, including in the United States, Canada, and Japan.
The campaign, according to Cisco's Talos Intelligence group, aims to penetrate businesses worldwide in order to gain long-term access and later exfiltrate material of value to the nation-state.
The attacks demonstrate once more the harm that North Korea and Lazarus can cause through destabilising activity, even though the specific targets are not yet known.
How did the attack operate?
Talos says the campaign gained its foothold in the targeted companies by exploiting vulnerabilities in VMware Horizon, VMware's virtual desktop software.
After breaking into the targeted company networks, the group deployed its own malware, including the HTTP bots VSingle and YamaBot.
Alongside these known malware families, Talos also reported finding a previously unknown implant it calls "MagicRAT".
Initial access to the companies was reportedly obtained through Log4Shell (CVE-2021-44228), a zero-day vulnerability in the widely used Java logging framework Log4j that allows arbitrary code execution.
Log4Shell had earlier been described by the cybersecurity firm Tenable as "the single biggest, most critical vulnerability ever".
North Korea has been linked to attacks on other governments before: security researchers at Kaspersky Lab connected it to the WannaCry ransomware attack, which rendered 300,000 systems in 150 countries inoperable and caused unprecedented disruption to the UK's NHS.
The Lazarus group has, if nothing else, been very active since its founding in 2010, and has recently focused on the blockchain and DeFi industries.
Lazarus was linked to one of the biggest DeFi breaches to date, a $615 million attack on the Ronin sidechain, which underpins the popular blockchain-integrated game Axie Infinity.
Worried that hackers will infiltrate your company? See our article on the top endpoint security software.