Security researchers: Here's how the Lazarus hackers start their attacks

The Lazarus hacking group is one of the top cybersecurity threats from North Korea, recently catching the attention of the US government for massive cryptocurrency heists. 

Now researchers at NCCGroup have pieced together a few of the tools and techniques Lazarus hackers have been using recently, including social engineering on LinkedIn, messaging US defense contractor targets on WhatsApp, and installing the malicious downloader LCPDot. 

NCCGroup’s findings build on what’s already known about Lazarus hackers. The group, and its sub groups, are known to have used LinkedIn for tricking targets into installing malicious files such as Word documents with hidden macros. 

SEE: Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts

In February, researchers at Qualys found the group impersonating defense contractor Lockheed Martin, using its name as a lure for job opportunities in laced Word documents. The documents contained malicious macros to install malware and relied on Scheduled Tasks to persist on a system.         

Lazarus historically has used LinkedIn as a preferred social network to contact professionals with job offers. In 2020, researchers at F-Secure found the group attempting to recruit a

Read More: https://www.zdnet.com/article/security-researchers-heres-how-the-lazarus-hackers-start-their-attacks/#ftag=RSSbaffb68