
Fancy Lazarus DDoS campaign mostly targeted US firms

June 10, 2021
The Fancy Lazarus distributed denial-of-service extortion group has been sending threatening emails to organizations in the manufacturing, energy, insurance, financial, public utility and retail sectors, most of which are in the U.S., according to a Proofpoint study reported by Threatpost. Proofpoint said that the emails threaten the companies with a DDoS attack if they do not pay a starting ransom of two Bitcoin, which is equivalent to nearly $75,000.

The campaign "could be an attempt to ride the coattails of high-profile news stories and result in a higher likelihood of payment. Another trend we have seen over the past four months are a focus on sending these threats to financial institutions and large insurance providers," said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

Proofpoint's analysis showed that the threatening emails are being sent by Fancy Lazarus to knowledgeable individuals within the targeted organizations.

"The emailed individuals also work in areas such as communications, external relations, investor relations. Additionally, extortion emails are often sent to email aliases such as help desk, abuse, administrative contacts or customer service," said Proofpoint.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
