A Quick Review of Lazarus APT Hackers' Newly Accumulated Tools

What happened?

• Most recently, the hacker group targeted Japanese organizations with the help of obfuscated malware and sophistication functionalities. Besides, the group has been targeting government, e-commerce, and cryptocurrency-based organizations.
• The attackers were spotted using VMProtect and SMBMAP Python tool, which allows access to the remote host via an SMB connection after converting it to a Windows Portable Executable (PE) file with Pyinstaller.

Other attacks

• In August 2020, the Lazarus group targeted an organization in the cryptocurrency vertical through LinkedIn job adverts.
• In the same month, the Lazarus group launched attacks against the Israeli defense industry.
• In July, the group was found involved in the interception of online payments from American and European shoppers.

New tools and tactics 

• In mid-August, Lazarus was seen using a new strain of malware, dubbed BLINDINGCAN, for targeting the U.S. and foreign companies active in the military defense and aerospace sectors.
• The group used MATA malware to compromise a large number of e-commerce firms, software developers, and ISPs across Poland, Germany, Turkey, Korea, Japan, and India.
• Lazarus also equipped itself with digital skimming abilities, also known as Magecart attacks, to gain access to the store code of large retailers, such as Claire’s.
• The group was also found using BEC scams during Operation In(ter)ception that targeted victims for both cyberespionage and financial theft.

In closing