Lazarus

Pierluigi Paganini August 19, 2024
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for […]

Pierluigi Paganini April 23, 2024
North Korea-linked APT groups target South Korean defense contractors

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]

Pierluigi Paganini February 29, 2024
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver.  The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February […]

Pierluigi Paganini November 25, 2023
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked Lazarus hacking group is exploiting a zero-day vulnerability in the MagicLine4NX software to carry out […]

Pierluigi Paganini August 24, 2023
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities […]

Pierluigi Paganini August 23, 2023
FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million. The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat actors. The wallets hold roughly 1,580 Bitcoin (roughly $41 million at the current rate) that […]

Pierluigi Paganini August 07, 2023
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military […]

Pierluigi Paganini May 25, 2023
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading […]

Pierluigi Paganini May 24, 2023
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of […]

Pierluigi Paganini April 20, 2023
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]