North Korean hackers use Windows Update to attack

According to Malwarebytes Labs, the well-known and active North Korean hacker group Lazarus is using the Windows Update client to distribute malicious code. The hackers can evade security mechanisms and use GitHub as the command and control server for their latest attacks.

Last week, the Malwarebytes Intelligence team detected two new attacks used in a spear phishing campaign themed around job opportunities at Lockheed Martin (the world’s largest high-tech and aerospace company). Lazarus’ aim is to infiltrate high-level government agencies specializing in defense and aviation and to steal as much intelligence data as possible.



Malware attack by North Korean hackers with Windows Update

The two documents identified by Malwarebytes Labs were named “Lockheed_Martin_JobOpportunities.docx” and “Salary_Lockheed_Martin_job_opportunities_confidential.doc”. As their names suggest, both documents appear to lure their targets with new job opportunities at Lockheed Martin.

According to the report, the Lazarus team placed a series of malicious commands in the Word documents and began infiltrating the system once the commands were activated. Interestingly, part of the infiltration chain used the Windows Update client to install a malicious DLL. This technique is notable because it can evade security detection systems.

Although the attack method is new, the phishing strategy is not. It is the same strategy Lazarus has been using for over a year, known as the “Dream Job” operation. This method of attack makes government employees think they might be qualified for a much-coveted job, but the applications result in the theft of sensitive data from their workstations through the commands in the fake file.

Several security teams, including Malwarebytes, ESET and McAfee, are watching the North Korean group Lazarus carefully for its next move. The attackers’ previous operation was a huge success, as it infiltrated dozens of companies and organizations globally, including in Israel.
