
Lazarus KillDisks Central American casino

2018-04-03, ESET
https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/
#KillDisk #OnlineCasino

Contents

The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.
Our analysis shows that the cybercriminals behind the attack against an online casino in Central America, and several other targets in late 2017, were most likely the infamous Lazarus hacking group. In all of these incidents the attackers utilized similar toolsets, including KillDisk, the disk-wiping tool that was executed on compromised machines.
Lazarus toolset
The Lazarus Group was first identified in Novetta’s report Operation Blockbuster in February 2016; US‑CERT and the FBI call this group Hidden Cobra. These cybercriminals rose to prominence with the infamous case of cyber-sabotage against Sony Pictures Entertainment.
Some of the past attacks attributed to the Lazarus Group attracted the interest of security researchers who relied on Novetta et al’s white …

IoC
