Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

2023-01-05 • Attack IQ •

https://www.attackiq.com/2023/01/05/emulating-the-highly-sophisticated-north-korean-adversary-lazarus-group/

#Trend #DreamJob #Inception #MagicRAT #ThreatNeedle #Sharpshooter #T1082 #T1041 #T1071.001 #T1046 #T1112 #T1083 #T1057 #T1547.001 #T1053.005 #T1036.005 #T1003 #T1105 #T1055 #T1220 #T1049 #T1016 #T1074.001 #T1218.011 #T1218.010 #T1047 #T1025 #T1033 #T1543.003 #T1012 #T1007 #T1572 #T1552.002 #T1003.002 #T1048.001

Thumbnail for Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

AttackIQ released attack graphs that emulate Lazarus Group tradecraft across historical campaigns including Operation Sharpshooter, Operation In(ter)ception, and Operation Dream Job. The excerpt attributes Lazarus Group to North Korea’s Reconnaissance General Bureau and notes links or overlaps with Andariel, BlueNoroff, APT37, and Kimsuky. The emulations cover delivery of malicious Office documents, LNK files, trojanized DLLs, Startup-folder and scheduled-task persistence, RunDLL32 and Regsvr32 execution, WMI activity, process injection, discovery commands, credential access, staging, encrypted HTTPS exfiltration, and C2 communications. Targeting described in the excerpt includes finance, energy, defense, military, aerospace, government, and other organizations reached through social engineering and fake job offers.

Related Reports

2022-12-22 • 48% Match

Emulating the Politically Motivated North Korean Adversary Andariel

Attack IQ

#Andariel #T1082 #T1041 #T1071.001 #T1083 #T1057 #T1547.001 #T1053.005 #T1036.005 #T1105 #T1486 #T1049 #T1016 #T1074.001 #T1218.011 #T1218.010 #T1217 #T1033 #T1012 #T1120 #T1016.001 #T1197

Shares tags: T1082, T1041, T1071.001 • Same author: Attack IQ • Published within a month

2023-02-02 • 32% Match

No Pineapple! - DPRK Targeting of Medical Research and Technology Sector

With Secure

#Whitepaper #NoPineapple #DTrack #GREASE #Zimbra #T1082 #T1119 #T1070.004 #T1041 #T1560 #T1071.001 #T1083 #T1071 #T1057 #T1053.005 #T1036.005 #T1059 #T1078 #T1190 #T1049 #T1016 #T1018 #T1003.001 #T1021.001 #T1106 #T1090.001 #T1074 #T1553 #T1033 #T1569.002 #T1090.002 #T1012 #T1087.002 #T1114.002 #T1505.003 #T1556 #T1037.005 #T1136 #T1070.007 #T1587.002

Shares tags: T1082, T1041, T1071.001 • Published within a month

2023-04-26 • 31% Match

Emulating Kimsuky's Espionage Operations

Attack IQ

#Kimsuky #T1082 #T1140 #T1041 #T1071.001 #T1115 #T1083 #T1056.001 #T1057 #T1518.001 #T1547.001 #T1053.005 #T1105 #T1087 #T1016 #T1074.001 #T1218.011 #T1218.010 #T1047 #T1033 #T1048.002

Shares tags: T1082, T1041, T1071.001 • Same author: Attack IQ

2023-04-14 • 24% Match

Response to Lazarus' 3CX Supply Chain Compromise

Attack IQ

#SupplyChain #3CXDesktopApp #SmoothOperator #T1082 #T1071.001 #T1057 #T1105 #T1055 #T1620 #T1049 #T1087.001 #T1070.006 #T1574.001 #T1543.003 #T1012 #T1069.001 #T1016.001 #T1547.002

Shares tags: T1082, T1071.001, T1057 • Same author: Attack IQ

2022-12-27 • 23% Match

BlueNoroff introduces new methods bypassing MoTW

Kaspersky

#Bluenoroff #T1059.003 #T1041 #T1071.001 #T1204.001 #T1204.002 #T1566.002 #T1059.005 #T1566.001 #T1497.001 #T1027.002 #T1218.011 #T1055.002 #T1221 #T1218.007 #T1547.008 #T1553.005

Shares tags: T1041, T1071.001, T1218.011 • Published within a month

2025-08-13 • 22% Match

APT PROFILE – LAZARUS GROUP

Cyfirma

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004

Shares tags: T1082, T1041, T1071.001

« Back