History
2024: Lazarus Group structure revealed
In mid-September 2024, cybersecurity researchers at Palo Alto Networks published data on the structure of the Lazarus Group, a notorious hacker group allegedly sponsored by North Korean intelligence.
The group has been engaged in a wide range of cybercriminal activity since at least 2009 and is known for attacks on financial institutions, corporations and critical infrastructure. Palo Alto Networks researchers reported that six North Korean groups operate under the Lazarus umbrella, among them Alluring Pisces (Bluenoroff), Gleaming Pisces (Citrine Sleet), Jumpy Pisces (Andariel), Selective Pisces (TEMP.Hermit) and Slow Pisces (TraderTraitor). Alluring Pisces (APT38), Gleaming Pisces and Selective Pisces (ZINC) are known to be behind a number of high-profile attacks, including the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware campaign.
These North Korean groups were found to use a complex malware arsenal that covers all major platforms: Windows, macOS and Linux. Notable examples include RustBucket (a three-stage backdoor for macOS built from AppleScript, Swift/Objective-C and Rust components), KANDYKORN (a five-stage macOS infection chain that uses Python scripts, SUGARLOADER and HLOADER for persistence) and OdicLoader (a Windows loader disguised as a PDF document). These malware families rely on advanced techniques such as reflective loading, multi-stage loading and encrypted command-and-control communications.
Palo Alto Networks researchers note that because these cyberattacks frequently target critical infrastructure, financial and government organizations, it is essential that such organizations have comprehensive cyber defense strategies in place.[1]