North Korean Lazarus APT Targets Software Supply Chain

A notorious North Korean APT group has been observed compromising the software supply chain, in campaigns reminiscent of the attacks on SolarWinds and Kaseya, according to Kaspersky.

Lazarus infected legitimate South Korean security software to deploy a malicious payload to target a think tank in the Asian country, researchers explained. 

The attack used an updated version of the group's BLINDINGCAN remote access Trojan (RAT), previously covered by the US authorities, and a second RAT, dubbed COPPERHEDGE.

A second campaign saw Lazarus first target a Latvian IT asset monitoring solutions provider. Although it’s unclear whether there were any downstream victims, the attack involved using a downloader dubbed “Racket,” which was signed using a stolen certificate. Additionally, multiple vulnerable web servers were reportedly compromised at the firm, and malicious scripts were uploaded to control implants on breached machines.

Kaspersky also noted a renewed interest by Lazarus in the defense industry. In June, it spotted cyber-espionage attacks using the MATA framework, which works across three operating systems — Windows, Linux and macOS.

The attacks involved trojanized versions of apps in heavy use by the victim organizations, Kaspersky said.

“These recent developments highlight two things: Lazarus

Read More: https://www.infosecurity-magazine.com/news/north-korean-lazarus-software/