ESET Research: Lazarus attacks aerospace and defense contractors worldwide while misusing LinkedIn and WhatsApp

Created: 2022-06-01 07:32:10

  • Over the course of the annual ESET World conference, ESET researchers have been presenting a new investigation into the infamous Lazarus APT Group and their attack on defense contractors around the world between late 2021 and March 2022.
  • Targets were, according to ESET Telemetry, in Europe (France, Italy, Spain, Germany, Czech Republic, the Netherlands, Poland, and Ukraine), the Middle East (Turkey, Qatar), and Latin America (Brazil).
  • For fake recruiting campaigns, they used services such as LinkedIn and WhatsApp.
  • According to the U.S. government, Lazarus is linked to the North Korean regime.

BRATISLAVA — June 1, 2022 — During the annual ESET World conference, ESET researchers have been presenting a new investigation into the infamous Lazarus APT group. Director of ESET Threat Research, Jean-Ian Boutin, went over various new campaigns perpetrated by the Lazarus group against defense contractors around the world between late 2021 and March 2022.

In the relevant 2021-2022 attacks, and according to ESET telemetry, Lazarus has been targeting companies in Europe (France, Italy, Spain, Germany, the Netherlands, Poland, and Ukraine) and Latin America (Brazil).

Despite the primary aim of this Lazarus operation being cyber-espionage, the group has also worked to exfiltrate money (unsuccessfully). “The Lazarus threat group showed ingenuity by deploying an interesting toolset, including, for example, a user mode component able to exploit a vulnerable Dell driver in order to write to kernel memory. This advanced trick was used in an attempt to bypass security solutions monitoring,” says Jean-Ian Boutin.

As early as 2020, ESET researchers had already documented a campaign pursued by a sub-group of Lazarus against European aerospace and defense contractors, which ESET called Operation In(ter)ception. This campaign was noteworthy as it used social media, especially LinkedIn, to build trust between the attacker and an unsuspecting employee before sending them malicious components masquerading as job descriptions or applications. At that time, companies in Brazil, Czech Republic, Qatar, Turkey and Ukraine had already been targeted.

ESET researchers believed that the action was mostly geared toward attacking European companies, but through tracking a number of Lazarus sub-groups performing similar campaigns against defense contractors, they soon realized that the campaign extended much wider. While the types of malware used in the various campaigns were different, the initial modus operandi (M.O.) always remained the same: a fake recruiter contacted an employee through LinkedIn and eventually sent malicious components.

In this regard, they’ve continued with the same M.O. as in the past. However, ESET researchers have also documented the reuse of legitimate hiring campaign elements to add legitimacy to their fake recruiters’ campaigns. Additionally, the attackers have used services such as WhatsApp or Slack in their malicious campaigns.

 

Fake recruiting campaign by Lazarus

In 2021, the U.S. Department of Justice charged three IT programmers with cyberattacks carried out while they were working for the North Korean military. According to the U.S. government, they belonged to the North Korean military hacker unit known in the infosec community as Lazarus Group.

Along with the new Lazarus research, ESET has been presenting “Past and Present Cyberwar in Ukraine” during the annual conference. ESET researcher Robert Lipovský has taken an in-depth look at the cyber war during Russia’s war against Ukraine – including the latest attempt to disrupt the country's power grid using Industroyer2 and various wiper attacks.

Alongside ESET Research at ESET World, Canadian astronaut Chris Hadfield, former Commander of the International Space Station, and key figure in ESET’s Progress Protected campaign, has joined ESET CEO Richard Marko to discuss the intricacies of technology, science and life.

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.
