lazarusholic


Lazarus Group's Operation Dream Magic

2023-10-17, Ahnlab
https://asec.ahnlab.com/en/57736/
#DreamMagic #MagicLine4NX #Whitepaper #Wateringhole

Contents

The Lazarus group is a hacking group that is known to be state-sponsored and is actively conducting hacking activities worldwide for financial gain, data theft, and other purposes.
A simplified overview of the Lazarus group’s watering hole attack that abused the INISAFE vulnerability is as follows: a malicious link was inserted within a specific article on a news website. Consequently, companies and institutions that clicked on this article were targeted for hacking. The hackers exploited vulnerable Korean websites as C2 to facilitate their attacks and implemented IP filtering for selective targeting. While the program vulnerability used in this watering hole attack has now shifted to MagicLine, the overall watering hole process remains unchanged from the earlier INISAFE case.
AhnLab coordinated the efforts of multiple teams to respond to the Lazarus group’s exploitation of the MagicLine vulnerability in their watering hole attack. There were several teams involved in this collaboration. The analysis team …