A specific group of North Korean threat actors has gained immense notoriety for its constant barrage of cyberattacks on organizations and businesses across the globe.
In the wake of these attacks, the U.S. Department of Homeland Security (DHS) issued a warning about the new BLINDINGCAN RAT that is being used by the Lazarus hacking group. Boasting an extensive set of capabilities, this remote access Trojan is being used to launch cyber espionage attacks against organizations operating in the defense and aerospace sectors.
This means that organizations need to be on the lookout for cryptojacking attacks, money laundering schemes, extortion campaigns, and financial theft scams that are executed digitally.
Trends by the hackers
- Since the COVID-19 restrictions were imposed globally, Magecart attacks have witnessed a steady rise. The Lazarus group, also known as Hidden Cobra or APT38, is believed to be one of the main culprits behind Magecart-style attacks.
- Three of the four cyberwarfare sub-divisions of North Korea’s Bureau 121 operate from countries such as Russia, Malaysia, Belarus, India, and China.
- It’s been noticed that North Korean threat actors usually have two motives – cyberespionage and financial crime to raise money for the Pyongyang government. Some of these cyber crimes include hacking banks, orchestrating ATM cashouts, hacking cryptocurrency exchanges, and running crypto-mining botnets.
Recent attacks to note
- The Lazarus group launched an attack against defense manufacturers and government entities in Israel earlier this month. Leveraging social engineering, the campaign, dubbed Operation Dream Job, had been active since the beginning of the year.
- The defense and aerospace sectors in the U.S. were targeted by North Korea-based hackers with fake job offers. The campaign, called Operation North Star, employed spear-phishing emails to lure victims into opening booby-trapped documents.
- The Lazarus group has also been linked with a new ransomware strain called VHD.
The major takeaway from this list of observations is that this group of threat actors gravitates towards any kind of cybercrime that would generate a humongous profit for them. Moreover, they choose cyber espionage as a fruitful way to gain intelligence that benefits the regime’s nuclear ambitions. Thus, it is recommended that organizations and businesses follow cyber hygiene to a tee to keep themselves safe from these malicious attacks.