Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools.
North Korean advanced persistent threat (APT) group Lazarus (aka UNC290) has been targeting security researchers with a phishing campaign via LinkedIn since last June.
Mandiant reported that the phishing attacks started against a US-based tech company, and noted the threat actors were using three new code families — Touchmove, Sideshow, and Touchshift — in their activities.
Posing as recruiters on LinkedIn, the group works to earn a victim's trust, and it then convinces them engage on WhatsApp or by email, where they can send a malware dropper, Mandiant explained.
"Following the identification of this campaign, Mandiant responded to multiple UNC2970 intrusions targeting US and European media organizations through spear-phishing that used a job recruitment theme and demonstrated advancements in the groups ability to operate in cloud environments and against endpoint detection and response (EDR) tools," Mandiant said about the emerging phishing campaign.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024