In the first half of 2022, the 360 Advanced Threat Research Institute observed malicious activity attributed to the Lazarus threat actor. The campaign used Alibaba-themed lures and delivered a payload related to the NukeSped malware family. The attack was highly targeted and designed to evade detection. At the time of reporting, the targeted users were associated with the Korean software company Hancom Secure.
REFERENCE: https://mp[.]weixin.qq[.]com/s/USitU4jAg9y2XkQxbwcAPQ
INDUSTRY: Software
TARGETED COUNTRY: Korea, Republic of
MALWARE FAMILY: NukeSped
ATT&CK IDS: T1218 - Signed Binary Proxy Execution, T1027 - Obfuscated Files or Information, T1090 - Proxy, T1003 - OS Credential Dumping