BleepingComputer reports that defense sector organizations around the world have been subjected to an ongoing cyberespionage campaign by North Korean state-backed threat operations, including the Lazarus Group.
Attacks launched as part of the campaign sought to exfiltrate military tech intelligence for the utilization of North Korea, according to a joint cybersecurity advisory from Germany's federal intelligence agency and South Korea's National Intelligence Service. One such instance was a supply chain attack by a North Korean threat actor against a maritime and shipping tech research center in late 2022 that involved the targeting of the organization's web service maintenance firm. After infiltrating the IT service provider, the threat actor proceeded to exfiltrate SSH credentials and compromise the Linux webserver of the research center before ensuring persistence. Meanwhile, other defense organizations have been targeted with an attack leveraging the Operation Dream Job tactics of the Lazarus Group, with threat actors establishing a fraudulent account on a job portal for future social engineering attacks.
Attacks launched as part of the campaign sought to exfiltrate military tech intelligence for the utilization of North Korea, according to a joint cybersecurity advisory from Germany's federal intelligence agency and South Korea's National Intelligence Service. One such instance was a supply chain attack by a North Korean threat actor against a maritime and shipping tech research center in late 2022 that involved the targeting of the organization's web service maintenance firm. After infiltrating the IT service provider, the threat actor proceeded to exfiltrate SSH credentials and compromise the Linux webserver of the research center before ensuring persistence. Meanwhile, other defense organizations have been targeted with an attack leveraging the Operation Dream Job tactics of the Lazarus Group, with threat actors establishing a fraudulent account on a job portal for future social engineering attacks.