Monday, December 18, 2017

Lazarus Group - Cybercrime

The Lazarus Group is suspected in many cyber attacks over the last decade.

The earliest attack that the group is known for was "Operation Troy", which took place from 2009–2012. This was a cyber-espionage campaign that used unsophisticated distributed denial-of-service (DDoS) techniques to target the South Korean government in Seoul. The group is also held responsible for attacks in 2011 and 2013.

Advanced Persistent Threats (APTs) are a class of attackers that are well resourced, persistent, and motivated.
Kaspersky linked a North Korean IP address to Lazarus. Over time, attacks from the group have grown more sophisticated; their techniques and tools have become better and more effective.

A March 2011 attack known as "Ten Days of Rain" targeted South Korean media, financial, and critical infrastructure. The Lazarus Group's attacks culminated on November 24, 2014, with the Sony Pictures hack, the biggest corporate breach in history.

Security experts believe that the hackers have created Android malware to hack into their targets' phones.
Most recently the Lazarus Group has been targeting employees at cryptocurrency firms with spearphishing attacks in order to steal Bitcoin. Hackers are using the lure of a job opening for the CFO role at a cryptocurrency firm as part of their scheme. Microsoft Word attachments are embedded with malicious macros which create separate decoy documents when enabled. The macros then install first-stage Remote Access Trojans (RATs) inside victims' computers. Hackers use these to download additional malware to facilitate their Bitcoin-stealing operation.
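The lure described above hinges on a Word attachment that carries a VBA macro and a plausible document name. The following is an added example, not code from the original post or from any vendor report: a small Python triage check, standard library only, of the kind a mail gateway or an analyst could run over attachments before they reach a mailbox. It relies on the public structure of modern Word files (an OOXML file is a ZIP container; a VBA project lives at `word/vbaProject.bin` and is declared with a macro-enabled content type in `[Content_Types].xml`) and on the OLE2 magic bytes of legacy `.doc` files. The sample attachments, including the file names and the `vbaProject.bin` contents, are constructed here for the example and are not real malware.

```python
"""Triage check for Word attachments: flag files that carry a VBA macro project.

Added example for this post (not the post's own code). Standard library only.
"""
import io
import zipfile

# Content types that Word declares for macro-enabled documents/templates.
MACRO_CONTENT_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
}
PLAIN_DOCX_MAIN_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)
# Compound File Binary (OLE2) signature used by legacy .doc files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_word_attachment(filename, data):
    """Return triage findings for one attachment: container format, whether a
    VBA project is present, and the reasons that led to that conclusion."""
    findings = {"filename": filename, "format": "unknown", "has_vba": False, "reasons": []}

    if data[:8] == OLE2_MAGIC:
        # Legacy binary format: macros are stored in OLE streams, which this
        # lightweight check does not parse, so hand the file to a deeper scan.
        findings["format"] = "ole2"
        findings["reasons"].append("legacy binary .doc container; needs OLE stream analysis")
        return findings

    if data[:2] != b"PK":
        return findings  # not a ZIP-based Office file at all

    findings["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "word/vbaProject.bin" in names:
            findings["has_vba"] = True
            findings["reasons"].append("word/vbaProject.bin present")
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if any(t in content_types for t in MACRO_CONTENT_TYPES):
                findings["has_vba"] = True
                findings["reasons"].append("macro-enabled content type declared")

    # A macro project inside a file named .docx is a common disguise; note it.
    extension = filename.lower().rsplit(".", 1)[-1]
    if findings["has_vba"] and extension == "docx":
        findings["reasons"].append("extension mismatch: macro project inside a .docx name")
    return findings


def verdict(findings):
    """Map findings to a gateway action."""
    if findings["has_vba"]:
        return "quarantine"
    if findings["format"] == "ole2":
        return "review"
    return "allow"


def _build_ooxml(with_vba):
    """Construct a minimal OOXML container for the example (not a real document)."""
    buf = io.BytesIO()
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml" if with_vba else PLAIN_DOCX_MAIN_TYPE
    )
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # Constructed placeholder bytes; a real project is an OLE2 stream.
            zf.writestr("word/vbaProject.bin", b"constructed-placeholder-not-a-real-vba-project")
    return buf.getvalue()


# Constructed sample attachments (names and contents invented for this example).
SAMPLES = {
    "job_description.docx": _build_ooxml(with_vba=False),
    "CFO_role_details.docm": _build_ooxml(with_vba=True),
    "CFO_role_details.docx": _build_ooxml(with_vba=True),  # macros behind a .docx name
    "resume.doc": OLE2_MAGIC + b"\x00" * 64,
}


def triage_samples():
    """Run the check over the constructed samples and return name -> verdict."""
    return {name: verdict(inspect_word_attachment(name, data)) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        f = inspect_word_attachment(name, data)
        print(f"{name:24} {verdict(f):10} {'; '.join(f['reasons']) or '-'}")
```

Two design points: the check declares a macro project if either indicator is present, because an attacker controls both the part list and the content-types manifest and may tamper with one of them; and legacy OLE2 files are routed to review rather than allowed through, since this check deliberately does not parse OLE streams and should not pretend to clear them.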
The Lazarus Group has been linked to an operation in which Bangladesh Bank lost upwards of $81 million to cyber thieves. They and others have targeted SWIFT, an interbank payment system.