Lazarus Attackers Turn to the IT Supply Chain

Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.

Lazarus – a North Korean advanced persistent threat (APT) group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework.

The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used to steal customer databases and to spread ransomware in various industries, but in June, Kaspersky researchers tracked Lazarus using MATA for cyber-espionage.

“The actor delivered a Trojanized version of an application known to be used by their victim of choice – a well-known Lazarus characteristic,” they wrote in Kaspersky’s latest quarterly threat intelligence report, released on Tuesday.

This is hardly the first time that Lazarus has attacked the defense industry, Kaspersky noted, pointing to the similar, mid-2020 ThreatNeedle campaign.

Lazarus Ramps Up Supply-Chain Attacks

Researchers have also seen Lazarus building supply-chain attack capabilities with an updated DeathNote (aka Operation Dream Job) malware cluster that consists of a slightly updated variant of the North Korean remote-access trojan (RAT) known as BlindingCan.

The U.S. Cybersecurity

Read More: