A new malware campaign from the notorious Lazarus group has been observed, exploiting malware distributed via legitimate software.
Kaspersky’s Research and Analysis Team (GReAT) unveiled the cyber campaign at the Security Analyst Summit (SAS). The team’s investigation identified a series of cyber incidents in which targets were infected via legitimate software designed to encrypt web communications using digital certificates.
Despite the availability of patches for the vulnerabilities, organizations around the world continued to use the unnamed faulty software, inadvertently providing an entry point for the Lazarus Group.
The group demonstrated a high level of sophistication, using advanced evasion techniques and deploying “SIGNBT” malware to control victims’ machines. They also deployed the LPEClient tool, previously seen targeting defense contractors, nuclear engineers and the cryptocurrency sector.
The researchers’ findings suggest that Lazarus Group’s tactics in this campaign align with those seen in the notorious 3CX supply chain attack.
Read more about the attack: Two Connected Software Supply Chain Attacks Lead to 3CX Compromise
The investigation also revealed that the initial victim, a software company, had been targeted multiple times, indicating that they were a determined and focused adversary. This persistence implies an intent to steal critical source code or disrupt the software supply chain.
Kaspersky’s Endpoint Security solution would have been identified and stopped further attacks against other targets.
“The Lazarus Group continuous activity is a testament to their advanced capabilities and unwavering motivation,” said Seongsu Park, Principal Security Researcher at Kaspersky’s GReAT. “They operate on a global scale, targeting a wide range of industries with a diverse toolbox of methods. This means an ongoing and evolving threat that requires increased vigilance.
In response to these findings, Kaspersky recommended several measures to mitigate the risk of targeted attacks. This includes keeping software and security measures up to date, verifying the identity of senders in communications, providing security teams with the necessary information. latest threat intelligenceupskilling cybersecurity staff through online training and implementing endpoint detection and response solutions.