
APT-C-26 (Lazarus) Analysis Report on E-commerce Attack Activities

In the first half of 2022, the 360 Advanced Threat Research Institute discovered malicious activity from the Lazarus threat actor. The activity used Alibaba-related lures and delivered a payload related to the NukeSped family. The attack was highly targeted and stealthy. At present, the targeted users are related to the Korean software company Hancom Secure.

Lazarus Group is also related to the Kimsufi malware that was used in attacks against gaming organizations such as Bethesda Softworks and Ubisoft, among others.

In some cases, "Lazarus" has been used inaccurately to refer to any group of adversaries. That usage is incorrect and is not supported by the Advanced Threat Research Institute team at 360.

The German Foreign Office said North Korea was behind a cyberattack that caused a global outage of its public internet sites in August 2017. According to the German Foreign Office, the attack originated from North Korea, and was routed through Russia.

"The New York Times" reported on September 4, 2017, that US intelligence was leaning towards the assessment that North Korea was behind the attack and that it had utilized some kind of new cyberweapon. The newspaper quoted anonymous sources as saying US investigators had found similarities between this attack and previous attacks attributed to North Korean hackers. The malware used in the May 2017 WannaCry ransomware attack also shared several functional similarities with code used by Lazarus Group in early 2016.

Source: APT-C-26 (Lazarus) Analysis Report on E-commerce Attack Activities - AlienVault - Open Threat Exchange
