Lazarus campaign TTPs and evolution

Executive summary
AT&T Alien Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows the lures used in this campaign to be in line with others used to target these groups.
The purpose of this blog is to share the new technical intelligence and provide detection options for defenders. Alien Labs will continue to report on any noteworthy changes.
Key Takeaways:
Lazarus has been identified targeting defense contractors with malicious documents.
There is a high emphasis on renaming system utilities (Certutil and Explorer) to obfuscate the adversary’s activities (T1036.003).
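The renaming of Certutil and Explorer noted above leaves a detectable trace: a renamed copy still carries the original name in its PE version resource, which Sysmon records as OriginalFileName in process-creation events. The following detection logic is an added example, not code from the Alien Labs post; the sample events and the file paths in them are constructed for illustration and are not indicators from the campaign.

```python
# Added example (not from the AT&T Alien Labs post): flag process-creation
# events whose on-disk image name differs from the binary's embedded
# OriginalFileName, the trace left by a renamed certutil.exe / explorer.exe
# (ATT&CK T1036.003, Masquerading: Rename System Utilities).
import ntpath

# Built-in utilities the post names as renamed by Lazarus; extend as needed.
WATCHED_ORIGINALS = {"certutil.exe", "explorer.exe"}


def is_renamed_utility(event: dict) -> bool:
    """Return True when OriginalFileName is a watched utility but the image
    on disk has a different basename.

    `event` mirrors a Sysmon Event ID 1 (process creation) record and uses
    the real Sysmon field names Image and OriginalFileName.
    """
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    if original not in WATCHED_ORIGINALS:
        return False
    return image != original


def find_renamed(events):
    """Return (Image, OriginalFileName) pairs for every renamed utility."""
    return [(e["Image"], e["OriginalFileName"])
            for e in events if is_renamed_utility(e)]


# Constructed sample events: paths and names are illustrative placeholders,
# not IoCs from the post. Two are benign (name matches), two are renamed.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe"},
    {"Image": r"C:\Users\Public\wuaupdt.exe", "OriginalFileName": "CertUtil.exe"},
    {"Image": r"C:\Windows\explorer.exe", "OriginalFileName": "EXPLORER.EXE"},
    {"Image": r"C:\ProgramData\svchost.exe", "OriginalFileName": "EXPLORER.EXE"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE"},
]

if __name__ == "__main__":
    for image, original in find_renamed(SAMPLE_EVENTS):
        print(f"renamed utility: {image} (OriginalFileName={original})")
```

The same comparison can be expressed as a SIEM rule (Image basename != OriginalFileName where OriginalFileName is in the watched set); note that an adversary who patches the version resource defeats this check, so it complements rather than replaces command-line and network-based detections.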
Background
Since 2009, the known tools and capabilities believed to have…

Posted by: Fernando Martinez
