Lazarus Group attacks take aim at software vendors for malware deployment

BleepingComputer reports that North Korea's Lazarus Group attacked numerous software vendors between March and August, exploiting known software vulnerabilities to deploy malware. One vendor was compromised multiple times, which indicates an attempted software supply chain attack. According to a Kaspersky report, attacks exploiting web communications encryption software let Lazarus Group distribute the SIGNBT malware together with a payload injection shellcode and a malicious DLL used to establish persistence. Besides collecting system information, managing processes, listing drives, and downloading and uploading files, SIGNBT can run Windows commands and retrieve further payloads, including an updated LPEClient malware and credential dumping tools. Researchers noted that LPEClient, which Lazarus also used in concurrent campaigns against the defense and cryptocurrency industries, has been upgraded with additional anti-detection capabilities.
