2025-01-31 08:37:41 Pacfic
Lazarus Group Targets Nuclear Industry - 6d
The Lazarus Group, a hacking collective with ties to North Korea, is intensifying its cyber operations against the nuclear industry, employing sophisticated new malware and tactics. Recent attacks have targeted employees within 'nuclear-related' organizations using trojanized virtual network computing (VNC) utilities disguised as job assessment tests. These disguised archives delivered malware via ISO and ZIP files, and they used a modified AmazonVNC.exe, combined with legitimate UltraVNC components to execute attacks. This method allows the group to establish a layered infection chain that helps them to evade detection.
These cyber intrusions use complex infection chains and modular malware that use a variety of components, such as downloaders, loaders and backdoors. The malware includes 'CookieTime' which can download payloads and 'CookiePlus', disguised as a Notepad++ plugin, which uses advanced decryption techniques to fetch plugins. The group's motivation behind the attacks is believed to be both financial gain and espionage. The ongoing attacks highlight the evolving threat landscape posed by state-sponsored actors targeting sensitive industries and organizations.
ImgSrc: hackread.com
References:
- cyberinsider.com - North Korean Hackers ‘Lazarus’ Target Nuclear Orgs with New Malware - 7d
- osint10x.com - North Korean hackers spotted using new tools on employees of 'nuclear-related' org - 7d
- CyberInsider - The notorious Lazarus Group has evolved its infection tactics, employing both updated and novel malware like ‘CookiePlus' to infiltrate targets in defense, aerospace, cryptocurrency, and nuclear ind - 7d
- Osint10x - North Korean hackers spotted using new tools on employees of 'nuclear-related' org - 7d
- ciso2ciso.com - Lazarus APT targeted employees at an unnamed nuclear-related organization - 6d
- Security Archives - Security Affairs - Lazarus APT targeted employees at an unnamed nuclear-related organization - 6d
- www.cybersecurity-insiders.com - Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams - 6d
- CISO2CISO.COM & CYBER SECURITY GROUP - Lazarus APT targeted employees at an unnamed nuclear-related organization - 6d
- www.cybersecurity-insiders.com - Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams - 6d
- CISO2CISO.COM & CYBER SECURITY GROUP - Lazarus Group Targets Nuclear Industry with CookiePlus Malware – Source:hackread.com - 5d
- @jos1264 - Lazarus Group Targets Nuclear Industry with CookiePlus Malware – Source:hackread.com - 5d
Classification:
- HashTags: LazarusGroup NorthKorea NuclearSecurity
- Company: Kaspersky
- Target: Nuclear Organizations
- Attacker: Lazarus Group
- Product: CookiePlus
- Feature: malware
- Type: Espionage
- Severity: Major