Hackers from the North Korean-linked Lazarus Group have reportedly targeted US defence contractors as tensions between the US and North Korea increase.
Researchers at Palo Alto Networks said that it is 'clear' that the Lazarus Group, which also hacked Sony in 2014, is behind the attacks; tools, techniques and procedures are shared between both operations.
"This re-use of macro source code, XOR keys used within the macro to decode implant payloads, and the functional overlap in the payloads the macros write to disk demonstrates the continued use of this tool set by this threat group," Palo Alto says in its blog post.
"In addition to tool reuse, infrastructure overlaps also exist. URLs used for hosting the malicious documents and IPv4 addresses used for command and control overlap with infrastructure previously used by the group."
Lazarus is widely accepted to be controlled by the North Korean government; it targets opposing regimes and has recently become involved in attacking private companies and financial institutions.
In this most recent campaign, the attackers have been using infected Microsoft Office files, distributed through phishing emails and carrying the same macros observed in earlier activity. The documents are likely hosted on compromised servers, writes Palo Alto.
One difference between this and earlier threats using the same payload is that these documents are written in English, rather than Korean. They describe job openings at various defence contractors, such as Sikorsky's Mission Equipment.
When a computer is infected, the hacker(s) would be able to execute commands on the system. Although a basic capability, it would provide a foothold for more dangerous activity, such as installing additional tools or attempting to spread the infection to other machines on the network.
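The overlap Palo Alto describes (a macro that XOR-decodes an embedded blob with a fixed key and writes the result to disk) is something an analyst can check for mechanically. The script below is an added example, not code from the article or from Palo Alto; the VBA fragment it inspects is constructed to mimic that pattern and is not real threat code, and the `KEY`, blob and file name in it are invented.

```python
"""Triage helper: flag Office macros that XOR-decode an embedded blob and drop it to disk."""
import hashlib
import re

# Constructed VBA fragment in the style the report describes (not real threat code):
# a hex-encoded blob, an XOR decode loop keyed by a constant, and a binary file write.
SAMPLE_MACRO = r'''
Private Const KEY As Integer = 83
Sub AutoOpen()
    Dim hx As String, out As String, i As Integer
    hx = "1E09C353"
    For i = 1 To Len(hx) Step 2
        out = out & Chr(CInt("&H" & Mid(hx, i, 2)) Xor KEY)
    Next i
    Open Environ("TEMP") & "\svc.exe" For Binary As #1
    Put #1, , out
    Close #1
End Sub
'''

def xor_keys(src):
    """Return the integer XOR keys used in the macro, resolving named constants."""
    const_re = r"Const\s+(\w+)(?:\s+As\s+\w+)?\s*=\s*(&H[0-9A-Fa-f]+|\d+)"
    consts = {m.group(1): m.group(2) for m in re.finditer(const_re, src)}
    keys = set()
    for m in re.finditer(r"\bXor\s+(&H[0-9A-Fa-f]+|\d+|\w+)", src, re.IGNORECASE):
        tok = consts.get(m.group(1), m.group(1))
        if tok.upper().startswith("&H"):
            keys.add(int(tok[2:], 16))
        elif tok.isdigit():
            keys.add(int(tok))
    return sorted(keys)

def drops_file(src):
    """True if the macro opens a file for binary writing and Puts data into it."""
    return bool(re.search(r"Open\s.+For\s+Binary", src, re.IGNORECASE)
                and re.search(r"\bPut\s+#", src))

def embedded_blobs(src):
    """Quoted even-length hex strings that could be an encoded payload."""
    return [s for s in re.findall(r'"([0-9A-Fa-f]+)"', src) if len(s) >= 4 and len(s) % 2 == 0]

def triage(src):
    """Decode each blob with each recovered key; report those that yield a PE ('MZ') header."""
    hits = []
    for blob in embedded_blobs(src):
        raw = bytes.fromhex(blob)
        for key in xor_keys(src):
            dec = bytes(b ^ key for b in raw)
            if dec[:2] == b"MZ":
                hits.append({"key": key, "sha256": hashlib.sha256(dec).hexdigest()})
    return {"xor_keys": xor_keys(src), "drops_file": drops_file(src), "decoded_pe": hits}
```

Run `triage()` over macro source extracted with a tool such as olevba; the recovered key and decoded-payload hash are what let an analyst compare one document against earlier samples, which is the kind of overlap the report relies on.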
Palo Alto believes that the threat actors behind the attack will continue to use the same techniques in future campaigns.