Check Point Research has released research regarding recent suspicious activity directed against Russia-based companies.

Over the past few weeks, Check Point Research has been monitoring suspicious activity directed against Russia-based companies that exposed a predator-prey relationship they had not seen before. For the first time, they observed what appeared to be a coordinated North Korean attack against Russian entities.

While attributing attacks to one threat group or another is problematic, Check Point's analysis reveals intrinsic connections to the tactics, techniques and tools used by the North Korean APT group Lazarus.

The discovery came about as the research team tracked multiple malicious Office documents that were designed and crafted specifically for Russian victims.

Upon closer examination of these documents, the team was able to discern that they belonged to the early stages of an infection chain which ultimately led to an updated variant of a versatile Lazarus backdoor dubbed KEYMARBLE by US-CERT.

Sometimes referred to as Hidden Cobra, Lazarus is one of the most prevalent and active APT groups in the world today.

The group, which is known to be a North Korean state-sponsored threat actor, is believed to be behind some of the largest security breaches of the last decade. These include the Sony Pictures Entertainment hack, the Bangladesh bank heist, and numerous other high-stakes operations, such as the theft of millions of dollars' worth of cryptocurrency from at least five different cryptocurrency exchange services worldwide.