North Korea Lazarus APT targets software supply chain

A notorious North Korean APT group has been observed compromising the software supply chain, in campaigns recalling attacks on SolarWinds and Kaseya, according to Kaspersky.

Lazarus infected legitimate South Korean security software to deploy a malicious payload against a think tank in the country, the researchers explained.

An updated version of its BLINDINGCAN remote access Trojan (RAT), previously covered by US authorities, and a second RAT, dubbed COPPERHEDGE, were used in the attack.

A second campaign saw Lazarus first target a Latvian provider of IT asset monitoring solutions. While it is not clear whether there were any downstream casualties, the attack involved the use of a downloader dubbed “Racket,” which was signed using a stolen certificate. In addition, several vulnerable web servers at the company were reportedly compromised, and malicious scripts were uploaded to control the implants on the breached machines.

Kaspersky also noted Lazarus’ renewed interest in the defense industry. In June, it spotted cyber espionage attacks using the MATA framework, which runs on three operating systems: Windows, Linux, and macOS.

The attacks involved Trojanized versions of applications that were heavily used by the victim organizations, Kaspersky said.

“These recent developments highlight two things: Lazarus remains interested in the defense industry and also seeks to expand its capabilities with supply chain attacks,” said Ariel Jungheit, senior security researcher at Kaspersky.

“When carried out successfully, supply chain attacks can have devastating results, affecting far more than one organization – which we clearly saw with the SolarWinds attack last year. With threat actors investing in such capabilities, we must remain vigilant and focus defense efforts on this front.”

A BlueVoyant report earlier this month claimed that 93% of global organizations had experienced a direct breach through their supply chains in the past year. In fact, the number of such breaches increased by 37% from the previous year, it said.

About Jon Moses
