Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

North Korean hackers are carrying out even more cyberattacks than previously thought

A white padlock on a dark digital background.

The Lazarus Group and its subsidiaries are running even more hacking campaigns than previously thought. Three separate campaigns linked to North Korea’s most active state-sponsored threat actors have been reported in recent weeks, abusing various zero-days to steal sensitive information from target endpoints and deploy malware to establish persistence.

BleepingComputerreported that the US National Cyber Security Centre (NCSC) and South Korea’s National Intelligence Service (NIS) recently observed Lazarus abusing a zero-day in MagicLine4NX for supply chain attacks. MagicLine4NX is a security authentication software that allows secure logins for company employees. 

By leveraging the flaw, the group was able to drop malicious code onto the endpoints of their targets, conducting reconnaissance, data exfiltration, malware drops, lateral network movement, and more.


Funding nukes

Finally, last week Microsoft warned of Lazarus targeting CyberLink, a known multimedia company from Taiwan. The group used this privilege to infect one of CyberLink’s installers with malware, resulting in infections wherever the software was updated.

The companies that grab the infected update will get LambLoad, a malware downloader that doesn’t work on devices protected by FireEye, CrowdStrike, or Tanium, Microsoft added. 

If LambLoad spots none of these endpoint protection tools on the device, however, it will drop a fake PNG file that deploys the final payload. This payload can steal sensitive data, infiltrate software build environments, progress downstream, establish persistent access, and more.

Lazarus is mostly interested in corporate espionage, financial fraud, and cryptocurrency theft. In fact, the group was behind one of the largest cryptocurrency heists of all time, when it managed to walk away with more than half a billion dollars in various cryptocurrencies from the Vietnamese Ronin bridge. 

Researchers speculate that the money is being used to fund North Korea’s nuclear program.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.