Abuse of the Windows Update service, a new attack by North Korea's Lazarus group

2022-04-01 Somansa Abuse of the Windows Update service, a new attack by North Korea's Lazarus group

https://www.somansa.com/wp-content/uploads/2022/05/%EC%86%8C%EB%A7%8C%EC%82%AC-%EB%B0%A9%EC%82%B0%EC%97%85%EC%B2%B4-%EC%9E%85%EC%82%AC%EC%A0%9C%EC%95%88%EC%84%9C%EB%A1%9C-%EC%9C%84%EC%9E%A5%ED%95%98%EC%97%AC-%EA%B3%84%EC%A0%95%EC%A0%95%EB%B3%B4-%ED%83%88%EC%B7%A8-%EB%B6%81%ED%95%9C-%EB%9D%BC%EC%9E%90%EB%A3%A8%EC%8A%A4-%EA%B7%B8%EB%A3%B9%EC%9D%98-%EC%9C%88%EB%8F%84%EC%9A%B0%EC%A6%88-%EC%97%85%EB%8D%B0%EC%9D%B4%ED%8A%B8-%EC%95%85%EC%9A%A9%EA%B3%B5%EA%B2%A9_2022.04.pdf

Attachments

EC868CEBA78CEC82AC-EBB0A9EC82B0EC9785ECB2B4-EC9E85EC82ACECA09CEC95_VnVW61K.pdf (1 MB)

Somansa analyzed a Lazarus campaign that abused Windows Update-related services and lures aimed at defense-industry hiring or remote-work security guidance. The report says North Korean hackers commonly distribute malware by impersonating organizations, institutions, or topical documents, affecting both enterprise employees and ordinary users. In this case, the malware was disguised as a normal file, infected systems after execution, and enabled theft of financial data, sensitive information, personal certificates, and connection records from compromised PCs.

Indicators of Compromise

Type Value First Seen Last Seen
HASH f14b1a91ed1ecd365088ba6de584678… 2022-01-27 2022-04-01
HASH 0d01b24f7666f9bccf0f16ea97e41e0… 2022-01-27 2022-04-01
HASH 829eceee720b0a3e505efbd3262c387… 2022-01-27 2022-04-01
