Everyday is lazarus.dayβ


2018-05-31, Dragos


Since 2017
COVELLITE compromises networks associated with civilian electric energy worldwide and gathers intelligence on intellectual property and internal industrial operations. COVELLITE lacks an industrial control system (ICS)-specific capability at this time.
COVELLITE Threat Group Operations
COVELLITE operates globally with targets primarily in Europe, East Asia, and North America. U.S. targets emerged in September 2017 with a small, targeted phishing campaign directed at select U.S. electric companies. The phishing emails contained a malicious Microsoft Word document and infected computers with malware.
The malicious emails discovered in the fall masqueraded as resumes or invitations. They delivered a remote access tool (RAT) payload which was used to conduct reconnaissance and enable persistent, covert access to victims’ machines.
COVELLITE’s infrastructure and malware are similar to those of the hacking organization tracked as LAZARUS GROUP by Novetta and as HIDDEN COBRA by the U.S. Department of Homeland Security.
LAZARUS GROUP is responsible for attacks ranging from the 2014 attack on Sony Pictures …