North Korean hacking group targets defense contractors
A North Korean hacking group appears to be targeting U.S. defense contractors in a new malware campaign using infected documents containing fake job listings.
The Lazarus Group, a sophisticated hacking group tied to North Korea’s principal intelligence agency, has been sending malicious documents with fake job opportunities to aerospace and defense contractor Lockheed Martin, according to Malwarebytes Labs, a cybersecurity research firm.
The Lazarus Group, active since 2009, is blamed for the 2014 attack on Sony Pictures, the 2017 WannaCry ransomware campaign, and a handful of other high-profile cyberattacks.
Lazarus is an advanced and sophisticated hacking team “known to target the defense industry,” Malwarebytes researchers wrote. “The group keeps updating its toolset to evade security mechanisms.”
The Lazarus campaign, identified by Malwarebytes in mid-January, appears to be targeting specific companies using an attack method called spear-phishing, the cybersecurity firm said. The attack compromises the Windows Update process to evade antivirus protection, and it used an account on the GitHub software development platform to control the malware, the cybersecurity firm said.
It’s unclear what the hackers were looking for in the targeted systems. Some cybersecurity experts suggest the motive could be espionage, while others believe the goal could be to steal credit card numbers and other personal information.
The group may be gathering information about people working at defense contractors, said Allan Buxton, director of forensics at Secure Data Recovery Services.
“Lazarus has its hands in a lot of different attacks, either attempting to profit from information gained or stealing funds directly,” he told the Washington Examiner. “Targeting Lockheed reads more as an attempt either to gain information about an adversary or to discredit them and remove them from the opposition’s use.”
The attacks were likely looking for targets who had security clearances from Western governments, added Greg Otto, a researcher at cybercrime intelligence provider Intel 471. “From…
