Security researchers at Kaspersky Lab have uncovered a new campaign by the notorious Lazarus hacking group, which is well known for its advanced operations targeting organizations worldwide.
Investigations by Kaspersky's Global Research and Analysis Team (GReAT) revealed an advanced threat campaign in which malicious software was spread through legitimate programs. The team discovered a series of cyber incidents that exploited vulnerabilities in popular software used to encrypt web communications with digital certificates.
Although patches were released to address the vulnerabilities, many organizations continued using the affected versions of the programs. This gave Lazarus hackers an entry point to compromise systems.
The attackers deployed advanced evasion techniques and malware such as the SIGNBT Trojan to control victim machines remotely. They also used the previously seen LPEClient tool to assist with lateral movement and internal reconnaissance, as in past campaigns targeting defense contractors and nuclear engineers.
LPEClient functions as an infection vector and plays a role in profiling victim characteristics. Kaspersky notes the attacks match Lazarus' modus operandi based on past incidents like the supply chain attack on 3CX.
The software vendor that was the original target has been hit repeatedly, showing Lazarus' sophisticated planning and its reuse of successful strategies, likely with the aim of stealing source code or disrupting software supply chains.
The attackers exploited vulnerabilities in the company's products and also attacked other users of unpatched versions. Kaspersky Endpoint Security quickly identified the threats and blocked further attacks on additional targets.
A Kaspersky security researcher commented on Lazarus' ongoing activities, advanced skills, and the need for continued vigilance against this persistent and evolving threat. Organizations are urged to strengthen defenses in the face of this highly capable adversary.