ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
REFERENCE: https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/
TAGS: CVE-2021-21551, Dell DBUtil, http(s) backdoor, kernel memory, driver exploit, RAT, dropper, ssl sniffer, dll-sideloading
ADVERSARY: Lazarus
TARGETED COUNTRIES: Belgium, Netherlands
MALWARE FAMILIES: BLINDINGCAN, Trojan:Win32/Nukesped, Trojan:Win64/NukeSped
ATT&CK IDS: T1104 - Multi-Stage Channels, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1055 - Process Injection, T1095 - Non-Application Layer Protocol, T1134 - Access Token Manipulation, T1082 - System Information Discovery, T1014 - Rootkit, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1106 - Native API, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, T1566 - Phishing, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1584 - Compromise Infrastructure, T1587 - Develop Capabilities