UK Cybersecurity Firm Says North Korean Attacks on Israel Successful

Since the beginning of 2020, the North Korea-linked threat group known as Lazarus has successfully compromised dozens of organizations in Israel and other countries by targeting their employees with appealing job offers, UK-based cybersecurity firm ClearSky reported this week.

Also referred to as Hidden Cobra, Lazarus is a cyber-espionage threat actor that also engages in financially-motivated attacks, including campaigns on crypto-currency exchanges, the WannaCry outbreak in 2017, the Sony Pictures Entertainment incident, and the $81 million Bangladesh bank theft.

The hacking group is known for the use of a variety of malware, including the recently detailed MATA framework and a significant number of Mac malware families. Over the past couple of years, the U.S. Cyber Command (USCYBERCOM) has shared various malware samples associated with the group.

Earlier this week, the Israeli defense ministry claimed to have successfully prevented a Lazarus attack targeting the country’s defense manufacturers, but ClearSky says that the attackers were in fact successful in their attempts.

“This campaign has been active since the beginning of the year and it succeeded, in our assessment, to infect several dozens of companies and organizations in Israel and globally. Its main targets include defense, governmental companies, and specific employees of those companies,” ClearSky says.

The company, which identified North Korean activity in Israel last year as well, explains that the attackers leveraged social engineering in the new attacks, which it collectively refers to as operation “Dream Job.”

The reason for this name is that the attackers used carefully created fake LinkedIn accounts to contact potential victims and lure them with the promise of lucrative job offerings, on behalf of prominent defense and aerospace entities in the United States, such as BAE, Boeing, and McDonnell Douglas.

The attackers spent weeks or even months gaining the victim’s trust by conducting conversations via personal emails, instant messaging applications, and even through voice calls on the phone or over WhatsApp.

Once the goal had been achieved, the victim, an employee at the targeted organization, would be tricked into opening a malicious attachment within the enterprise environment, thus providing the hackers with a foothold within the company. At this point, all communication with the victim would cease and the fake social platform accounts would be deleted.

A successful infection allowed attackers to collect information on the company’s activity, as well as on its financial affairs, likely in preparation for future attacks aimed at stealing money from the victim organizations.

“We assess this to be this year’s main offensive campaign by the Lazarus group, and it embodies the sum of the group’s accumulative knowledge on infiltration to companies and organizations around the globe. In our estimation, the group operates dozens of researchers and intelligence personnel to maintain the campaign globally,” ClearSky notes.

Related: Israel Says Foiled Cyber Attack on Its Defence Firms

Related: Several New Mac Malware Families Attributed to North Korean Hackers

Related: Multi-Platform Malware Framework Linked to North Korean Hackers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
