Endpoint/Device Security, Threat Intelligence, Security Staff Acquisition & Development

Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks

North Korea's Lazarus Group, also known as TEMP.Hermit or Hidden Cobra, has been continuing its Operation Dream Job campaign with new intrusions leveraging trojanized Virtual Network Computing apps targeted at defense industry and nuclear engineers, according to The Hacker News. Kaspersky researchers revealed that malicious job interview apps have been leveraged by Lazarus facilitate the distribution of the LPEClient backdoor with compromised host profiling capabilities, an updated COPPERHEDGE malware version with arbitrary command execution and data exfiltration functionality, and a custom malware for file transmission. The findings come after Lazarus Group was reported by ESET to have impersonated a recruiter for Facebook parent firm Meta on LinkedIn to target a Spain-based aerospace firm with the LightlessCan malware. Lazarus Group and other North Korean state-sponsored threat operations APT43, Kimsuky, and APT37, also known as ScarCruft, were noted by Mandiant to have been collaborating in strengthening their attack arsenal for different platforms.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.