North Korean hackers use Windows Update to distribute malware

Lazarus' goal is to infiltrate high-level government entities specializing in defense and aerospace and steal as much intelligence data as possible. The two documents are known as Lockheed_Martin_JobOpportunities.docx and Salary_Lockheed_Martin_job_opportunities_confidential.doc. As the names suggest, both appear intended to lure targets with new job opportunities at Lockheed Martin.
A series of malicious macros is embedded in the Word documents. Once activated, they begin infiltrating the system and immediately embed code in the computer's startup system so that a reboot does not interrupt the malware's activity. Interestingly, part of the injection process uses the Windows Update client to install a malicious DLL. This is very clever, as the technique bypasses security detection systems.
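For defenders, the behaviour described above can be hunted in process-creation logs. The following is an added example, not code from the original article or from any vendor report: it flags launches of the Windows Update client (wuauclt.exe) that reference a DLL outside System32 or that were started by an Office application. The event field names, the sample events, the `/EXAMPLE-SWITCH` token and the Office-parent heuristic are all constructed assumptions.

```python
import ntpath
import re

# Office applications that host document macros (heuristic chosen for this example).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# Any quoted or unquoted command-line token that ends in .dll
DLL_ARG = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)\b', re.IGNORECASE)

def dll_arguments(command_line):
    """Return every DLL path that appears as an argument on the command line."""
    return [quoted or bare for quoted, bare in DLL_ARG.findall(command_line)]

def review_event(event):
    """Return the reasons a wuauclt.exe launch looks suspicious (empty list if none)."""
    if ntpath.basename(event["image"]).lower() != "wuauclt.exe":
        return []
    reasons = []
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent in OFFICE_PARENTS:
        reasons.append("started by Office application " + parent)
    for dll in dll_arguments(event["command_line"]):
        if ntpath.dirname(ntpath.normpath(dll)).lower() != SYSTEM_DIR:
            reasons.append("DLL argument outside System32: " + dll)
    return reasons

def flagged(events):
    """Return (index, reasons) for every event with at least one reason."""
    return [(i, r) for i, e in enumerate(events) if (r := review_event(e))]

# Constructed sample events; /EXAMPLE-SWITCH is a placeholder, not a real wuauclt switch.
WUAUCLT = r"C:\Windows\System32\wuauclt.exe"
EVENTS = [
    {"image": WUAUCLT, "command_line": WUAUCLT + " /detectnow",
     "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"image": WUAUCLT,
     "command_line": WUAUCLT + r" /EXAMPLE-SWITCH C:\ProgramData\example\update.dll",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"image": WUAUCLT,
     "command_line": WUAUCLT + r" /EXAMPLE-SWITCH C:\Users\Public\example\update.dll",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for index, reasons in flagged(EVENTS):
        print(index, "; ".join(reasons))
```
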
The attack method is new, but the phishing strategy is not. It is the same one that Lazarus has been using for over a year, known as Operation "Dream Job". It lures government employees into thinking they might be qualified for a highly coveted job, only for them to realize it was all a facade used to steal sensitive data from their locations.
Malwarebytes, ESET and McAfee are all watching Lazarus closely for its next move. The group's previous campaign was a great success, as it infiltrated dozens of companies and organizations on a global scale, including in Israel.