Cybercrime

UK Cybersecurity Firm Says North Korean Attacks on Israel Successful

Since the beginning of 2020, the North Korea-linked threat group known as Lazarus has successfully compromised dozens of organizations in Israel and other countries by targeting their employees with appealing job offers, UK-based cybersecurity firm ClearSky reported this week.

Also referred to as Hidden Cobra, Lazarus is a cyber-espionage threat actor that also engages in financially motivated attacks, including campaigns against cryptocurrency exchanges, the WannaCry outbreak in 2017, the Sony Pictures Entertainment incident, and the $81 million Bangladesh bank theft.

The hacking group is known for the use of a variety of malware, including the recently detailed MATA framework and a significant number of Mac malware families. Over the past couple of years, the U.S. Cyber Command (USCYBERCOM) has shared various malware samples associated with the group.

Earlier this week, the Israeli defense ministry claimed to have successfully prevented a Lazarus attack targeting the country’s defense manufacturers, but ClearSky says that the attackers were in fact successful in their attempts.

“This campaign has been active since the beginning of the year and it succeeded, in our assessment, to infect several dozens of companies and organizations in Israel and globally. Its main targets include defense, governmental companies, and specific employees of those companies,” ClearSky says.

The company, which identified North Korean activity in Israel last year as well, explains that the attackers leveraged social engineering in the new attacks, which it collectively refers to as operation “Dream Job.”

The reason for this name is that the attackers used carefully created fake LinkedIn accounts to contact potential victims and lure them with the promise of lucrative job offerings, on behalf of prominent defense and aerospace entities in the United States, such as BAE, Boeing, and McDonnell Douglas.

The attackers spent weeks or even months gaining the victim’s trust by conducting conversations via personal emails, instant messaging applications, and even through voice calls on the phone or over WhatsApp.

Once the goal had been achieved, the victim, an employee at the targeted organization, would be tricked into opening a malicious attachment within the enterprise environment, thus providing the hackers with a foothold within the company. At this point, all communication with the victim would cease and the fake social platform accounts would be deleted.

A successful infection allowed attackers to collect information on the company’s activity, as well as on its financial affairs, likely in preparation for future attacks aimed at stealing money from the victim organizations.

“We assess this to be this year’s main offensive campaign by the Lazarus group, and it embodies the sum of the group’s accumulative knowledge on infiltration to companies and organizations around the globe. In our estimation, the group operates dozens of researchers and intelligence personnel to maintain the campaign globally,” ClearSky notes.

Related: Israel Says Foiled Cyber Attack on Its Defence Firms

Related: Several New Mac Malware Families Attributed to North Korean Hackers

Related: Multi-Platform Malware Framework Linked to North Korean Hackers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.