Lazarus Group Uses CookiePlus Malware to Target Nuclear Engineers – Active IOCs
Severity
High
Analysis Summary
The Lazarus Group, an infamous threat actor associated with the DPRK, has been observed using a sophisticated infection chain to target at least two employees of an unidentified nuclear-related business for one month in January 2024.
The attacks, which resulted in the installation of a new modular backdoor called CookiePlus, are part of Operation Dream Job, a long-running cyber espionage campaign that researchers also track as NukeSped and that has been known to be operational since at least 2020. These activities frequently involve offering enticing employment prospects to developers and workers in a variety of industries, such as defense, aerospace, cryptocurrency, and other international sectors, which eventually result in the installation of malware on their computers.
As part of the …
IoC