Lazarus targets nuclear-related organization with new malware
Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and is also referred to as “Operation DreamJob”. We have previously published the history of this campaign.
Recently, we observed a similar attack in which the Lazarus group delivered archive files containing malicious files to at least two employees associated with the same nuclear-related organization over the course of one month. After looking into the attack, we were able to uncover a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.
In this blog, we provide an overview of the significant changes in their infection chain and show how they combined the use of new and …
IoC