mijilox.blogg.se

Lazarus group apt











What do the 2014 Sony hack and the 2016 Bangladeshi bank attacks have in common? Aside from being two of the most noteworthy cybercrime incidents of the past few years, these seemingly unrelated attacks are tied together by a common thread: their perpetrator, a cybercrime group called Lazarus.

Few cybercrime groups throughout history have had as much disruptive power and lasting impact as the Lazarus Group. Ever since their first attacks, which involved DDoS operations against various organizations across different industries, the group has managed to step up their attacks even further. Two of the group's most notable campaigns include the 2014 Sony hack, which involved sensitive company and personal information, and the 2016 Bangladeshi bank attack that stole millions of dollars from the financial institution. Recently, the group was seen expanding into cryptocurrency attacks, with the use of the RATANKBA malware to target cryptocurrency companies.

The Lazarus group has had multiple operations over the years, most of which involve either disruption, sabotage, financial theft or espionage. The organization also has "spin-off" groups, which focus on specific kinds of attacks and targets:

A subgroup focused on attacking foreign financial institutions. They are responsible for a wide array of financial theft incidents, including the aforementioned attack on a Bangladeshi bank.

A subgroup focused on South Korean organizations and businesses using specifically tailored methods created for maximum effectivity.

The chart below shows a timeline of the group's activities and objectives over the years.

Figure 1: Timeline of Lazarus Group activities

A quick glance at the timeline of the group's activities provides clues on the way they operate. Lazarus and its various subgroups will typically perform disruption and misdirection operations as part of their objectives. The group is fairly versatile as well, as they use a wide variety of tools and tactics to perform their attacks. Here are some examples of the group's objectives, tools, and procedures:

The disruptive operations performed by Lazarus involve DDoS attacks and wipers with time-based triggers. These include KILLMBR with a hard-coded wiping date, and QDDOS, which has a duration date that wipes data ten days after infection. DESTOVER, a backdoor equipped with wiping capabilities, is another example.











