APT-C-26 (Lazarus) Analysis Report on E-commerce Attack Activities

In the first half of 2022, 360 Advanced Threat Research Institute discovered malicious activity by the Lazarus threat actor. The activity used Alibaba-related lures and delivered a payload related to the NukeSped family. The attack is highly targeted and concealed. At present, the targeted users are related to the Korean software company Hancom Secure.

REFERENCE: https://mp[.]weixin.qq[.]com/s/USitU4jAg9y2XkQxbwcAPQ

INDUSTRY: Software

TARGETED COUNTRY: Korea, Republic of


ATT&CK IDS: T1218 - Signed Binary Proxy Execution, T1027 - Obfuscated Files or Information, T1090 - Proxy, T1003 - OS Credential Dumping
