DataBreaches.net

The Office of Inadequate Security

Lazarus targets defense industry with ThreatNeedle

Posted on February 25, 2021 by Dissent

Vyacheslav Kopeytsev and Seongsu Park write:

We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look, we identified the malware used in those attacks as belonging to a family that we call ThreatNeedle. We have seen Lazarus attack various industries using this malware cluster before. In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Read more on Kaspersky SecureList or download:

Lazarus targets defense industry with ThreatNeedle (PDF)

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.
