Lazarus hacker Group Attack Malware ThreatNeedle verifiedms, ccfullzshopcom
Lazarus has now added the defence industry to its growing list of victims. Lazarus is a North Korean hacking group that has been active since 2009. The group has primarily been linked with ransomware campaigns, cyberespionage, and attacks against the cryptocurrency market.
Researchers at Kaspersky were made aware of the attack on the defence industry when they had responded to an incident, and had discovered a backdoor that was subsequently named ThreatNeedle. The main goal of the backdoor is to extract confidential information and send it to the attackers by moving laterally through the infected networks.
Spearphishing is the method commonly used to deliver ThreatNeedle to the targets. The malicious Word documents are written to sound like urgent communication and updates regarding COVID-19.
ThreatNeedle is installed upon the document being opened, and this allows the attacker to take control of the infected machine.
Though this sounds like a regular malware that infects your system and steals data, it is nothing like it. It is more a malware on steroids than your run of the mill softwares. ThreatNeedle is capable of jumping between internet-facing office networks and restricted access operational technology (OT) networks where mission-critical hardware lives.
The policies of the victim companies state that under no circumstance should data be able to be transferred between the two networks. However, administrators had the ability to connect to both solely for the purpose of maintenance.
Precautions to be taken: