North Korean state hackers start targeting the IT supply chain

North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities.

Lazarus used a new variant of the BLINDINGCAN backdoor to target a South Korean think tank in June after deploying it to breach a Latvian IT vendor in May.

'In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload,' the researchers said.

'In the second case, the target was a company developing asset monitoring solutions in Latvia, an atypical victim for Lazarus.'

The Lazarus Group (also tracked as HIDDEN COBRA by the United States Intelligence Community) is a military hacking group backed by the Democratic People's Republic of Korea and active since at least 2009.

They are known for targeting high-profile organizations such as Sony Films in Operation Blockbuster and multiple banks worldwide and for coordinating the 2017 global WannaCry ransomware campaign.

Full article on https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/

#northkorea #security #lazarus #backdoor #it #supplychain #backup #yokdata #BeCyberSmart