Kaspersky’s Global Research and Analysis Team (GReAT) has revealed a new campaign by the Lazarus group that targets organizations worldwide. The investigation, presented at the Security Analyst Summit (SAS), shows that this sophisticated APT campaign is delivered through legitimate software.

GReAT identified multiple cyber incidents in which legitimate software, designed to encrypt web communications using digital certificates, was exploited. Although notifications and patches had been issued for the vulnerabilities, some organizations worldwide continued to use vulnerable software versions, which left an open door for the Lazarus group.

“The Lazarus group is persistent, has an unwavering motivation and shows advanced capabilities. It operates on a global scale, targeting a wide range of sectors in different ways. It is a constantly evolving threat that must always keep us alert,” says Seongsu Park, Kaspersky GReAT Security Researcher.

Lazarus against legitimate software

The attackers exhibited a high degree of sophistication, using advanced evasion techniques and malware to maintain control over the victim. They used the tool known as LPEClient, previously used to attack victims in the defense, nuclear engineering and cryptocurrency sectors.

This malware plays a crucial role in the initial stage of the infection and in profiling the victim, in line with the tactics of the Lazarus group as seen in a previous attack against the 3CX supply chain.

Kaspersky discovers a dangerous Lazarus campaign that exploits legitimate software

Lazarus attempted several times to compromise the software supplier, possibly with the aim of stealing critical source code or disrupting the supply chain.

Security recommendations

To avoid being a victim of known or unknown threats, Kaspersky experts recommend implementing the following measures:

  • Regularly update devices, applications and antivirus software to patch known vulnerabilities
  • Use a trusted EDR solution such as Kaspersky Endpoint Detection and Response for early detection of advanced threats, as well as to investigate and resolve incidents
  • Provide the SOC team with access to the latest threat intelligence. The Kaspersky Threat Intelligence Portal is a single access point for companies that offers information and data collected by Kaspersky over the last 20 years
  • Be cautious with emails, messages and calls that request sensitive information. It is essential to verify the identity of the other party before sharing any confidential information or clicking on a link
  • Properly train the security team so that they can face the latest threats, for example through Kaspersky Online Training