Over the past year, the Lazarus Group has exploited flaws in an undisclosed piece of software to breach a financial business entity in South Korea on two separate occasions. Unlike the first attack in May 2022, the re-infiltration in October 2022 exploited a zero-day vulnerability in the same certificate software, which is widely used by public institutions and universities. After gaining an initial foothold through a Bring Your Own Vulnerable Driver (BYOVD) attack, the APT abused the zero-day vulnerability to perform lateral movement.
Read full article on Heimdal Security Blog