Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
ESET researchers uncovered and analyzed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during the autumn of 2021. The campaign started with spearphishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium. The primary goal of the attackers was data exfiltration. Lazarus (also known as HIDDEN COBRA) has been active since at least 2009. It is responsible for high-profile incidents such as both the Sony Pictures Entertainment hack and tens-of-millions-of-dollar cyberheists in 2016, the WannaCryptor (aka WannaCry) outbreak in 2017, and a long history of disruptive attacks against South Korean public and critical infrastructure since at least 2011.
Key findings in this blogpost:
- The Lazarus campaign targeted an employee …
IoC