Lazarus Group is a notorious APT hacker group believed to be state-sponsored by North Korea, primarily linked to the country’s intelligence agency.
This group has been involved in a wide range of cybercriminal activities since at least 2009, and it’s known for its sophisticated attacks on various targets like financial institutions, corporations, and critical infrastructure.
Cybersecurity researchers at Palo Alto Networks recently identified that there are six North Korean threat groups under the umbrella of the Lazarus group.
The six groups are:
- Alluring Pisces (Bluenoroff)
- Gleaming Pisces (Citrine Sleet)
- Jumpy Pisces (Andariel)
- Selective Pisces (TEMP.Hermit)
- Slow Pisces (TraderTraitor)
- Sparkling Pisces (Kimsuky)
North Korean Hackers With Lazarus
North Korean cyber threat groups operating under the Reconnaissance General Bureau (RGB) were found to be deploying a sophisticated malware arsenal across all major platforms: Windows, macOS, and Linux.
Notable examples include:
- RustBucket: A three-stage macOS backdoor that uses AppleScript, Swift/Objective-C, and Rust.
- KANDYKORN: A five-stage macOS infection chain that employs Python scripts, SUGARLOADER, and HLOADER for persistence.
- OdicLoader: A Linux ELF downloader masquerading as a PDF using the Unicode character U+2024.
- CollectionRAT: A Windows Remote Administration Tool (RAT) that uses the Microsoft Foundation Class library.
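As an added example (not code from the page or from Palo Alto Networks), a defender-side check for the extension-masquerading trick attributed above to OdicLoader: it normalizes dot lookalikes such as U+2024 (ONE DOT LEADER), compares the extension a user would see with the one the operating system actually uses, and sniffs the content's magic bytes. The lookalike characters other than U+2024, the magic-byte table, and the sample filename are assumptions.

```python
# Dot-like characters that render like an ASCII full stop. U+2024 is the one the
# page attributes to OdicLoader; the others are assumed variants of the same trick.
DOT_LOOKALIKES = {
    "\u2024": "ONE DOT LEADER",
    "\u2219": "BULLET OPERATOR",
    "\u22c5": "DOT OPERATOR",
    "\uff0e": "FULLWIDTH FULL STOP",
}

# Minimal magic-byte table (assumed, not from the page) for content sniffing.
MAGIC = {b"\x7fELF": "elf", b"%PDF": "pdf", b"MZ": "pe"}


def apparent_and_real_extension(name):
    """Return (apparent_ext, real_ext, lookalikes).

    apparent_ext is what a user sees after the last dot-like character;
    real_ext is what the OS uses (after the last U+002E), '' if there is none;
    lookalikes lists (index, name) of every dot lookalike in the filename."""
    lookalikes = [(i, DOT_LOOKALIKES[c]) for i, c in enumerate(name) if c in DOT_LOOKALIKES]
    real_ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    normalized = "".join("." if c in DOT_LOOKALIKES else c for c in name)
    apparent_ext = normalized.rsplit(".", 1)[1].lower() if "." in normalized else ""
    return apparent_ext, real_ext, lookalikes


def sniff_type(head):
    """Classify a file by its leading bytes; 'unknown' if no magic matches."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def assess(name, head):
    """Flag a file whose displayed extension is faked with a dot lookalike, or whose
    content type disagrees with the PDF extension its name claims."""
    apparent, real, lookalikes = apparent_and_real_extension(name)
    content = sniff_type(head)
    findings = []
    if lookalikes:
        detail = ", ".join(f"U+{ord(name[i]):04X} {n}" for i, n in lookalikes)
        findings.append("dot lookalike in filename: " + detail)
    if apparent == "pdf" and content != "pdf":
        findings.append(f"name claims PDF but content is {content}")
    return findings


if __name__ == "__main__":
    # Constructed sample: an ELF whose name uses U+2024 to look like "report.pdf".
    print(assess("report\u2024pdf", b"\x7fELF\x02\x01\x01\x00"))
```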
These malware families employ advanced techniques like reflective loading, multi-stage payloads, and encrypted command and control (C2) communication.
For instance, Comebacker uses HTTP POST requests with randomly generated parameter names for C2, while PondRAT targets both macOS and Linux systems.
The malware ecosystem includes specialized tools like “ObjCShellz” (an Objective-C backdoor) and “Fullhouse” (a C/C++ HTTP backdoor).
In addition, groups like Alluring Pisces (APT38), Gleaming Pisces, and Selective Pisces (ZINC) have carried out high-profile attacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware campaign.
The malware families discussed include Remote Access Trojans (RATs), keyloggers, backdoors, and information stealers.
Because such state-sponsored cyber activities frequently focus on critical infrastructure, financial, and government targets, organizations need to develop comprehensive cyber strategies in readiness, Palo Alto said.
Mitigations
The recommended mitigations are:
- Conduct periodic security assessments.
- Perform periodic reviews.
- Deploy strong endpoint protection solutions.
- Deploy physical barriers to data networks.
- Make sure to have multi-schema support.
- Train staff on security issues on an ongoing basis.