공공 기관 및 대학 등에 널리 사용하는 공인인증서 소프트웨어 취약점을 이용한 Lazarus 공격 그룹 공격 사례

2023-02-27 • Ahnlab • Lazarus attack case using vulnerabilities in certificate software widely used by public institutions and universities •

https://asec.ahnlab.com/ko/48416/

#BYOVD #Lazardoor #Lazarus #T1059.003 #T1070.004 #T1587.001 #T1071.001 #T1046 #T1102 #T1562.001 #T1203 #T1588.002 #T1070.006 #T1068 #T1070 #T1210 #T1587.004

Attachments

공공_기관_및_대학_등에_널리_사용하는_공인인증서_소프트웨어.pdf (2 MB)

AhnLab analyzed a Lazarus intrusion that abused a vulnerability in certificate-related software widely used by South Korean public institutions and universities. The victim had previously been compromised by Lazarus in May 2022 and was reinfected through a zero-day in the same software family even after updating to the latest version then available. AhnLab said the case, together with other unpublished incidents, showed Lazarus continuing to study software vulnerabilities, disable security products, apply anti-forensic techniques, and change TTPs to penetrate South Korean organizations.

Indicators of Compromise

Type	Value	First Seen	Last Seen
HASH	a6602ef2f6dc790ea103ff453eb21024	2023-02-27	2023-02-27
URL	https://ctmnews.kr/member/proce…	2023-02-27	2023-02-27
URL	https://www.kfcjn.com/member/pr…	2023-02-27	2023-02-27
URL	https://www.artinsight.co.kr/da…	2023-02-27	2023-02-27
DOMAIN	lightingmart.co.kr	2023-02-27	2023-02-27
DOMAIN	studyholic.co.kr	2023-02-27	2023-02-27
IPv4	115.68.52.47	2023-02-27	2023-02-27
IPv4	121.78.158.46	2023-02-27	2023-02-27
IPv4	114.108.129.89	2023-02-27	2023-02-27
IPv4	111.92.189.48	2023-02-27	2023-02-27
IPv4	183.110.224.172	2023-02-27	2023-02-27
HASH	61b3c9878b84706db5f871b4808e739a	2023-02-15	2023-02-27
HASH	bd47942e9b6ad87eb5525040db620756	2023-02-15	2023-02-27
HASH	c7256a0fbab0f437c3ad4334aa5cde06	2023-02-15	2023-02-27
HASH	27db56964e7583e19643bf5c98fffd52	2023-02-15	2023-02-27
HASH	6ea4e4ab925a09e4c7a1e80bae5b9584	2023-02-15	2023-02-27
HASH	fc8b6c05963fd5285bce6ed51862f125	2023-02-15	2023-02-27
IPv4	119.207.79.175	2022-10-24	2023-02-27
IPv4	121.78.246.155	2018-03-08	2023-02-27

Related Actors

Lazarus

Novetta

First seen: Feb 2016

Last seen: Jun 2026

Related Reports

2023-02-15 • 64% Match

라자루스 그룹이 사용한 안티 포렌식 기법

Ahnlab

#AntiForensic #LazarLoader #Lazarus

Shares tag: Lazarus • Shares 6 IOCs • Same author: Ahnlab • Published within a month

2025-08-13 • 45% Match

APT PROFILE – LAZARUS GROUP

Cyfirma

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004

Shares tags: Lazarus, T1059.003, T1070.004

2021-12-02 • 45% Match

APT Profile: Who is Lazarus Group?

SOCRadar

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1573.001 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004 #T0865

Shares tags: Lazarus, T1059.003, T1070.004

2024-07-19 • 43% Match

APT Quarterly Highlights : Q2 2024

Cyfirma

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584

Shares tags: Lazarus, T1059.003, T1070.004

2023-05-23 • 42% Match