Lazarus Group Targets Six South Korean Firms in Sophisticated Cyberattack Campaign
- Jhade
- 2 days ago

Major Espionage Operation Uncovered
In a recent cyber espionage campaign dubbed "Operation SyncHole," the North Korea-linked Lazarus Group has targeted at least six South Korean organizations. These include companies in the software, IT, finance, semiconductor manufacturing, and telecommunications sectors.
Exploitation of Local Software Vulnerabilities
According to cybersecurity firm Kaspersky, the attacks, first detected in November 2024, combined watering hole strategies with the exploitation of vulnerabilities in software widely used in South Korea. A major entry point was a security flaw in Cross EX, a legitimate application used for online banking and government services; the group exploited this flaw to deploy malware.
Advanced Malware Tools Deployed
The hackers used a range of malware tools associated with Lazarus, including ThreatNeedle, AGAMEMNON, wAgent, SIGNBT, and COPPERHEDGE. In the initial infection vector, users were redirected from compromised South Korean media websites to malicious domains, and browser vulnerabilities were exploited to install malware.
Zero-Day Exploit Enables Lateral Movement
In a more advanced stage of the attack, Lazarus exploited a zero-day vulnerability in Innorix Agent, a file transfer solution, allowing for lateral movement across compromised networks. This vulnerability has since been patched by the software developers.
Ongoing Threat and Security Recommendations
Kaspersky warns that the Lazarus Group is likely to continue its targeted attacks, focusing on South Korean supply chains. The firm recommends that organizations take immediate cybersecurity measures, including software updates, employee awareness, and network segmentation, to reduce the risk of future breaches.