Lazarus sub-group targets South Korean defense firms

Defense industry organizations in South Korea had data concerning anti-aircraft weapon systems exfiltrated by North Korean state-sponsored threat operation Andariel, a sub-cluster of Lazarus Group, reports The Record, a news site by cybersecurity firm Recorded Future. Andariel, which leveraged a South Korean domestic server rental firm connected to a Pyongyang-based server to facilitate the intrusions, was able to steal 1.2 TB of data, some of which had been obtained from pharmaceutical firms and research entities, according to the Seoul Metropolitan Police, which investigated the attack campaign with the FBI.

Source: SC Magazine

 

