Here’s How The Lazarus Hackers Start Their Attacks

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

The Lazarus hacking group is one of the top cybersecurity threats from North Korea, recently catching the attention of the US government for massive cryptocurrency heists. 

Now researchers at NCCGroup have pieced together a few of the tools and techniques Lazarus hackers have been using recently, including social engineering on LinkedIn, messaging US defense contractor targets on WhatsApp, and installing the malicious downloader LCPDot. 

NCCGroup’s findings build on what’s already known about Lazarus hackers. The group, and its sub groups, are known to have used LinkedIn for tricking targets into installing malicious files such as Word documents with hidden macros. 

SEE: Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts

In February, researchers at Qualys found the group impersonating defense contractor Lockheed Martin, using its name as a lure for job opportunities in laced Word documents. The documents contained malicious macros to install malware and relied on Scheduled Tasks to persist on a system.         

Lazarus historically has used LinkedIn as a preferred social network to contact professionals with job offers. In 2020, researchers at F-Secure found the group attempting to recruit a system administrator with a phishing document sent to the target’s LinkedIn account regarding a blockchain company seeking a new sysadmin. 

In April, US Treasury linked Lazarus to a $600 million heist in March from the blockchain network behind the play-to-earn game Axie Finity. 


Read more

Explore the site

More from the blog

Latest News