Hacker group Lazarus pretends to be Lockheed Martin
The Qualys research team announces that it has identified a new attack scheme by the Lazarus group, targeting the defense sector with phishing baits.
In its latest attack, the APT group, which has ties to North Korea, posed as Lockheed Martin, a company that is heavily involved in aviation, military technology, defense systems and space exploration. The company generated sales of $65.4 billion in 2020 and employs around 114,000 people worldwide.
The identified variants are aimed at job applicants for Lockheed Martin Corporation. This attack pattern is similar to attacks observed in the past, in which Lazarus posed as defense companies such as Northrop Grumman and BAE Systems with open vacancies. Qualys refers to this campaign as “LOLZarus” because various LOLbins were used in the observed examples, some of which are the first documented use of those LOLbins by a known attacker.
Jörg Vollmer, General Manager Field Operations DACH at Qualys
“With sophisticated attacks like this, criminal actors can quickly cause large-scale damage,” says Jörg Vollmer from Qualys. “As soon as an employee falls for the phishing attack and opens one of the infected documents, the malware contained in it spreads unhindered in the corporate network. The damage caused by this can often no longer be reversed. For companies, the best protection against damage caused by ransomware is to take a preventive approach in conjunction with appropriate cyber hygiene. This includes the company’s vulnerability management process with precise tracking of vulnerability remediation as well as ensuring compliance with guidelines. Ideally, companies use an automated solution that keeps network configurations, backups, application access and patches up to date. End-to-end protection against external attacks is only guaranteed if good cyber hygiene practices are followed and all assets in the corporate network are continuously monitored and managed in real time.”