lazarusholic

Lazarus Targets Chemical Sector

2022-04-14, Symantec
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical
#DreamJob #MagicLine4NX

Contents

Continuation of Operation Dream Job sees North Korea-linked APT target orgs in espionage campaign.
Symantec, a division of Broadcom Software, has observed the North Korea-linked advanced persistent threat (APT) group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. Symantec tracks this sub-set of Lazarus activity under the name Pompilus.
Operation Dream Job
Operation Dream Job involves Lazarus using fake job offers as a means of luring victims into clicking on malicious links or opening malicious attachments that eventually lead to the installation of malware used for espionage.
Past Dream Job campaigns have targeted individuals in the defense, government, and engineering sectors in activity observed in August 2020 and July 2021.
Recently targeted sectors
In January 2022, Symantec detected attack activity on the networks of a number …

IoC
