Lazarus Group, the Advanced Persistent Threat (APT) hacking group linked to the North Korean government, has shifted its attention to new targets, with cybersecurity researchers noticing that the actor is expanding its supply chain attack capabilities.
According to Kaspersky’s Q3 2021 APT trends report, the group deployed the backdoor dubbed BLINDINGCAN against a think tank located in South Korea in June, after using it in May to breach an IT asset monitoring solution vendor based in Latvia.
In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload.
In the second case, the target was a company developing asset monitoring solutions in Latvia, an atypical victim for Lazarus.
The same report shows that Lazarus also used BLINDINGCAN to deploy the North Korean Remote Access Tool (RAT) COPPERHEDGE. The APT group previously used this RAT when attacking crypto exchanges and other similar businesses.
With the help of this backdoor, its operators are able to carry out system reconnaissance, execute arbitrary commands on compromised machines, and exfiltrate stolen information.
The backdoor known as BLINDINGCAN was discovered by the Cybersecurity and Infrastructure Security Agency (CISA) and