Six North Korean Threat Groups Under The Umbrella Of Lazarus


Lazarus Group is a notorious APT group believed to be state-sponsored by North Korea and primarily linked to the country’s intelligence agency.

This group has been involved in a wide range of cybercriminal activities since at least 2009, and it’s known for its sophisticated attacks on various targets like financial institutions, corporations, and critical infrastructure.


Cybersecurity researchers at Palo Alto Networks recently identified that there are six North Korean threat groups under the umbrella of the Lazarus group.

The six groups are:

  • Alluring Pisces (Bluenoroff [PDF])
  • Gleaming Pisces (Citrine Sleet)
  • Jumpy Pisces (Andariel)
  • Selective Pisces (TEMP.Hermit [PDF])
  • Slow Pisces (TraderTraitor)
  • Sparkling Pisces (Kimsuky)

North Korean Hackers With Lazarus

North Korean cyber threat groups operating under the Reconnaissance General Bureau (RGB) were found to be deploying a sophisticated malware arsenal across all major platforms: Windows, macOS, and Linux.


Notable examples include:

  • RustBucket: A three-stage macOS backdoor that uses AppleScript, Swift/Objective-C, and Rust.
  • KANDYKORN: A five-stage macOS infection chain that employs Python scripts, SUGARLOADER, and HLOADER for persistence.
  • OdicLoader: A Linux ELF downloader masquerading as a PDF by using the Unicode character U+2024 (one dot leader) in place of the full stop in its filename, so the name reads like a .pdf document.
  • CollectionRAT: A Windows Remote Administration Tool (RAT) that uses the Microsoft Foundation Class library.
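The OdicLoader filename trick described above is easy to check for on the defensive side. The following is an added example written for this article, not code from Palo Alto Networks or from the research; it flags filenames whose visible extension follows a dot look-alike rather than a genuine U+002E full stop. U+2024 is the character named in the research; the other look-alikes in the table, the extension list and the sample filenames are the author's own assumptions and constructed inputs.

```python
import unicodedata
from typing import Optional

# Code points that render like an ASCII full stop. U+2024 is the one the
# research attributes to OdicLoader; the other three are added here as further
# look-alikes a defender would reasonably cover (assumption, not from the article).
DOT_LOOKALIKES = {
    "\u2024": "ONE DOT LEADER",
    "\uff0e": "FULLWIDTH FULL STOP",
    "\ufe52": "SMALL FULL STOP",
    "\u00b7": "MIDDLE DOT",
}

# Benign-looking extensions a lure would imitate (constructed list).
LURE_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}


def find_fake_extension(filename: str) -> Optional[dict]:
    """Flag a filename whose visible extension follows a dot look-alike rather
    than a real U+002E full stop. Returns a finding dict, or None if clean."""
    for idx, ch in enumerate(filename):
        if ch not in DOT_LOOKALIKES:
            continue
        apparent_ext = filename[idx + 1:]
        if apparent_ext.lower() not in LURE_EXTENSIONS:
            continue
        # The extension the OS actually honours is whatever follows the last real '.';
        # an ELF dropped as "Report<U+2024>pdf" has no real extension at all.
        real_ext = filename.rsplit(".", 1)[1] if "." in filename else None
        return {
            "filename": filename,
            "lookalike": f"U+{ord(ch):04X} {DOT_LOOKALIKES[ch]}",
            "apparent_ext": apparent_ext.lower(),
            "real_ext": real_ext,
            # NFKC folds compatibility characters such as U+2024 back to '.',
            # which is exactly how the lure reads to a human in a file listing.
            "reads_as": unicodedata.normalize("NFKC", filename),
        }
    return None


def scan_filenames(names):
    """Run the check over a batch of filenames and return only the findings."""
    return [f for f in (find_fake_extension(n) for n in names) if f is not None]


# Constructed sample: one OdicLoader-style lure, one fullwidth variant, two clean names.
SAMPLE_FILENAMES = [
    "Quarterly_Report\u2024pdf",  # no real extension; displays as Quarterly_Report.pdf
    "invoice\uff0edocx",          # same trick with a fullwidth full stop
    "Quarterly_Report.pdf",       # genuine document
    "archive.tar.gz",             # genuine, multiple real dots
]

if __name__ == "__main__":
    for finding in scan_filenames(SAMPLE_FILENAMES):
        print(finding)
```

Running the check over a file-creation or download log is enough to surface the lure; the `reads_as` field shows what the victim saw, and `real_ext` being `None` on a Linux host is the tell that the file is not a document at all.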

These malware families employ advanced techniques like reflective loading, multi-stage payloads, and encrypted command and control (C2) communication.

For instance, Comebacker uses HTTP POST requests with randomly generated parameter names for C2, while PondRAT targets both macOS and Linux systems.
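Randomly generated parameter names defeat static URL signatures, but they leave a statistical trace: across repeated POSTs from one host to one path, almost no parameter name ever recurs. The following is an added example written for this article, not Palo Alto Networks code or a published Comebacker signature; it is a generic heuristic for the behaviour described above, run over constructed proxy log lines in an assumed format ("<timestamp> <src_ip> <method> <host> <path_and_query>"). The thresholds are illustrative assumptions.

```python
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed proxy log lines (not real Comebacker traffic). The first host
# receives POSTs whose parameter names change every request; the second
# receives ordinary form posts with stable names.
SAMPLE_LOG = """\
2024-09-01T10:00:01Z 10.0.0.5 POST cdn.example.net /update.php?gq3kz=0&xr7pw=AAEC
2024-09-01T10:00:31Z 10.0.0.5 POST cdn.example.net /update.php?l2mnv=0&tq8yd=BBEC
2024-09-01T10:01:02Z 10.0.0.5 POST cdn.example.net /update.php?v9krx=0&hzj4p=CCEC
2024-09-01T10:01:33Z 10.0.0.5 POST cdn.example.net /update.php?p5wqa=0&dk3ms=DDEC
2024-09-01T10:02:10Z 10.0.0.7 POST intranet.example.org /login?user=alice&redirect=%2Fhome
2024-09-01T10:02:40Z 10.0.0.7 POST intranet.example.org /login?user=alice&redirect=%2Fhome
2024-09-01T10:03:12Z 10.0.0.7 POST intranet.example.org /login?user=bob&redirect=%2Fdash
2024-09-01T10:03:50Z 10.0.0.7 POST intranet.example.org /login?user=carol&redirect=%2Fhome
"""

MIN_REQUESTS = 3              # do not judge a (src, host, path) on one or two requests
UNIQUE_RATIO_THRESHOLD = 0.8  # share of parameter names that appear exactly once


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields and extract parameter names."""
    ts, src, method, host, target = line.split(maxsplit=4)
    parts = urlsplit(target)
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return {"ts": ts, "src": src, "method": method, "host": host,
            "path": parts.path, "params": names}


def find_rotating_parameter_names(log_text: str) -> list:
    """Group POSTs by (src, host, path) and flag groups in which almost every
    parameter name is seen only once across the whole group."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["method"] != "POST" or not rec["params"]:
            continue
        groups[(rec["src"], rec["host"], rec["path"])].append(rec["params"])

    findings = []
    for (src, host, path), per_request in groups.items():
        if len(per_request) < MIN_REQUESTS:
            continue
        counts = Counter(n for names in per_request for n in names)
        singletons = sum(1 for c in counts.values() if c == 1)
        ratio = singletons / len(counts)
        if ratio >= UNIQUE_RATIO_THRESHOLD:
            findings.append({
                "src": src, "host": host, "path": path,
                "requests": len(per_request),
                "distinct_names": len(counts),
                "singleton_ratio": round(ratio, 2),
            })
    return findings


if __name__ == "__main__":
    for finding in find_rotating_parameter_names(SAMPLE_LOG):
        print(finding)
```

Legitimate applications occasionally rotate a CSRF token name or similar, so a hit is a hunting lead rather than a verdict; pairing it with the destination's reputation and the posting process keeps the false-positive rate manageable.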

The malware ecosystem includes specialized tools like “ObjCShellz” (an Objective-C backdoor) and “Fullhouse” (a C/C++ HTTP backdoor).

Organizational chart for North Korean threat groups under the RGB, showing both Unit 42 names and other akas (Source – Palo Alto Networks)

Besides this, groups like Alluring Pisces (APT38), Gleaming Pisces, and Selective Pisces (ZINC) have executed high-profile attacks, including the “2014 Sony Pictures hack” and “2017 WannaCry ransomware campaign.”

The malware families discussed include Remote Access Trojans (RATs), keyloggers, backdoors, and information stealers. 

Because such state-sponsored cyber activities frequently focus on critical infrastructure, financial, and government targets, organizations must develop comprehensive cyber strategies, Palo Alto said.

Mitigations

The recommended mitigations are:

  • Incorporate periodic security assessments.
  • Perform periodic reviews.
  • Deploy strong endpoint protection solutions.
  • Deploy physical barriers to data networks.
  • Ensure multi-schema support.
  • Train staff on security issues on an ongoing basis.
