Lazarus covets COVID-19-related intelligence
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research.
While tracking the Lazarus group’s continuous campaigns targeting various industries, we discovered that they recently went after COVID-19-related entities. They attacked a pharmaceutical company at the end of September, and during our investigation we discovered that they had also attacked a government ministry related to the COVID-19 response. Each attack used different tactics, techniques and procedures (TTPs), but we found connections between the two cases and evidence linking those attacks to the notorious Lazarus group.
Relationship of recent Lazarus group attack
In this blog, we describe two separate incidents. The first one is an attack against a government health ministry: on October 27, 2020, two Windows …
IoC
0e44fcafab066abe99fe64ec6c46c84e
26545f5abb70fc32ac62fdab6d0ea5b2
4088946632e75498d9c478da782aa880
4814b06d056950749d07be2c799e8dc2
5983db89609d0d94c3bcc88c6342b354
9c6ba9678ff986bcf858de18a3114ef3
[email protected]
dc3c2663bd9a991e0fbec791c20cbf92
http://client.livesistemas.com/Live/posto/[email protected]@[email protected]@story.jsp
http://sistema.celllab.com.br/webrun/Navbar/[email protected]@[email protected]@customZoom.jsp
http://www.bytecortex.com.br/eletronicos/[email protected]@[email protected]@Functions.jsp
http://www.cometnet.biz/framework/common/common.asp
http://www.k-kiosk.com/bbs/notice_write.asp
https://iski.silogica.net/events/[email protected]@[email protected]@cookie.jsp
https://sac.najatelecom.com.br/sac/Dados/[email protected]@[email protected]@default.jsp
https://www.gongim.com/board/ajax_Write.asp
https://www.kne.co.kr/upload/Customer/BBS.asp
https://www.locknlockmall.com/common/popup_left.asp
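The list above is only useful once it is run against something. The following Python script is an added example, not part of the original report or Kaspersky's tooling: it takes the 32-hex-digit file hashes (MD5) and the intact C2 URLs from the IoC list, computes MD5 over a directory tree, and matches proxy-log URLs against the C2 paths. Entries the page shows as "[email protected]" are extraction-damaged and are deliberately left out, because the real values cannot be recovered from this page. The proxy-log format and the sample log lines are constructed for the example and are assumptions, not a format from the report.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# MD5 hashes copied from the IoC list above (entries shown on the page as
# "[email protected]" are omitted: that text is an extraction artefact).
IOC_MD5 = {
    "0e44fcafab066abe99fe64ec6c46c84e",
    "26545f5abb70fc32ac62fdab6d0ea5b2",
    "4088946632e75498d9c478da782aa880",
    "4814b06d056950749d07be2c799e8dc2",
    "5983db89609d0d94c3bcc88c6342b354",
    "9c6ba9678ff986bcf858de18a3114ef3",
    "dc3c2663bd9a991e0fbec791c20cbf92",
}

# C2 URLs from the IoC list that survived extraction intact.
IOC_URLS = [
    "http://www.cometnet.biz/framework/common/common.asp",
    "http://www.k-kiosk.com/bbs/notice_write.asp",
    "https://www.gongim.com/board/ajax_Write.asp",
    "https://www.kne.co.kr/upload/Customer/BBS.asp",
    "https://www.locknlockmall.com/common/popup_left.asp",
]


def normalize(url):
    """Return (host, path) with case folded and scheme/query dropped, so that
    http vs https, host casing or an appended query string cannot hide a match."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return host, parts.path.lower()


IOC_HOST_PATH = {normalize(u) for u in IOC_URLS}
IOC_HOSTS = {host for host, _ in IOC_HOST_PATH}

# Assumed (constructed) proxy-log line format for this example:
#   <iso timestamp> <client ip> <method> <url> <status>
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(text):
    """Return (client, url, kind) for every log line whose URL hits an IoC.

    kind is "url" for an exact host+path match and "host" when only the host
    matches. The C2 hosts are legitimate but compromised sites, so a
    host-only hit is worth a look but is not by itself evidence of infection."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        _, client, _, url, _ = m.groups()
        host, path = normalize(url)
        if (host, path) in IOC_HOST_PATH:
            hits.append((client, url, "url"))
        elif host in IOC_HOSTS:
            hits.append((client, url, "host"))
    return hits


def hash_bytes(data):
    """MD5 hex digest, the hash type used in the IoC list."""
    return hashlib.md5(data).hexdigest()


def scan_files(paths, hashes=IOC_MD5):
    """Return the paths whose MD5 is in `hashes`. Files are hashed in chunks
    so large binaries do not have to fit in memory."""
    found = []
    for p in map(Path, paths):
        if not p.is_file():
            continue
        h = hashlib.md5()
        with p.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        if h.hexdigest() in hashes:
            found.append(p)
    return found


def scan_directory(root, hashes=IOC_MD5):
    """Recursively hash every file under `root` against the IoC set."""
    return scan_files(Path(root).rglob("*"), hashes)


# Constructed sample log (not from the report): two exact C2 hits, one
# host-only hit and two benign requests.
SAMPLE_PROXY_LOG = """\
2020-10-27T09:14:02Z 10.0.0.12 POST https://www.gongim.com/board/ajax_Write.asp 200
2020-10-27T09:14:05Z 10.0.0.12 GET https://www.example.com/ 200
2020-10-27T09:15:10Z 10.0.0.44 POST http://www.k-kiosk.com/bbs/notice_write.asp?id=1 200
2020-10-27T09:16:00Z 10.0.0.44 GET https://cdn.example.com/lib.js 200
2020-10-27T09:17:31Z 10.0.0.44 GET https://www.locknlockmall.com/index.asp 200
"""

if __name__ == "__main__":
    for client, url, kind in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{kind:4} {client} {url}")
    for p in scan_directory("."):
        print("IoC hash match:", p)
```

Hash matching only catches the exact samples Kaspersky saw; a recompiled or repacked build will not match, so treat a clean MD5 sweep as "these specific files are absent", not as "not compromised". The URL check is the more durable of the two, and the host-only branch exists because the C2 hosts are compromised legitimate sites: a hit on another path there is a lead for the analyst, not an alert on its own.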