In a new campaign identified by researchers at Kaspersky, the hacker group known as Lazarus was observed targeting a version of a software product with vulnerabilities that had already been reported but were not yet patched.
The software involved, whose name has not been disclosed, is used by organizations to encrypt web communications with digital certificates; the attackers exploited it as an entry point to break into those organizations.
This modus operandi is not new for the North Korean collective. According to Mandiant, Google's threat intelligence group, North Korea uses “cyber intrusions to conduct both espionage and financial crimes to project power and fund both its cyber and kinetic capabilities”.
Under Kim Jong-un's leadership, North Korea runs a number of state-sponsored hacker teams at home and abroad that gather intelligence on allies, enemies and defectors, as well as hacking banks and stealing cryptocurrency. The United Nations has previously accused the North Korean state of using the stolen funds to finance the country's long-range missile and nuclear weapons programs, as well as to enrich the country's rulers.
Unpatched software targeted by hackers: here’s what we know about this attack
In this case, the attackers deployed a malware family called SIGNBT to control the victim, alongside a tool known as LPEClient, which had previously been used against targets such as nuclear engineers and the cryptocurrency sector.
Kaspersky said that the developers of the software in question have already fallen victim to Lazarus several times. This recurring compromise points to a persistent and determined threat actor whose likely goal is to steal valuable source code or to tamper with the software supply chain.
Seongsu Park, chief security researcher at Kaspersky, said the Lazarus Group's continued activity is a testament to its advanced capabilities and unwavering motivation. In Park's words, these hackers “operate on a global scale, targeting a wide range of industries with a diverse set of tools. This means an ongoing and evolving threat that requires increased vigilance”.