A new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers has been linked to the Lazarus hacking group.
According to the threat intelligence company, Lazarus targeted unnamed energy providers in the US, Canada and Japan between February and July this year. The hackers used a year-old vulnerability in Log4j, known as Log4Shell, to compromise internet-exposed VMware Horizon servers and establish an initial foothold on a victim's enterprise network. Japan's national cyber emergency response team, known as CERT, attributed YamaBot to the Lazarus APT.
The details of this espionage campaign were first revealed by Symantec in April of this year.
A previously unknown remote access trojan called "MagicRAT" has also been attributed to the Lazarus Group.
The main goal of the attacks was to establish long-term access to victim networks in order to conduct espionage operations for the North Korean government. This activity is similar to historical Lazarus intrusions that targeted critical infrastructure and energy companies.
The high-profile Sony hack in 2016 is one of the reasons the Lazarus Group is believed to be backed by the North Korean state. The group's efforts in support of North Korea's state objectives include military research and development.
It has been linked to the recent theft of hundreds of millions of dollars in cryptocurrencies from two companies.
The theft of cryptocurrencies and other information has helped fund North Korea's nuclear weapons program.
The U.S. government doubled the reward for information on members of state-sponsored North Korean threat groups in July.