Researchers at Kaspersky have tied a piece of malware used by Lazarus Group, last seen targeting security vulnerability researchers earlier this year, to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors across 12 countries since 2020.

Kaspersky researchers Vyacheslav Kopeytsev and Seongsu Park write that the group first gained an initial foothold through spearphishing emails. Many referenced or played off the global COVID-19 pandemic, while other example emails appeared to mimic job postings for defense contractors. Those emails contained a malicious Microsoft Word macro attachment that allowed attackers to deploy malware, which Kaspersky calls ThreatNeedle, that installs a backdoor on victim networks, allowing for lateral movement and exfiltration of sensitive or confidential information.

The final payload is capable of manipulating files and directories, executing received commands, profiling the system, putting a device into sleep or hibernation mode, controlling the backdoor process and updating the backdoor's configuration.
