
North Korean Lazarus hackers conduct major cyberattack by replicating open source software


A recent report from researchers at SecurityScorecard reveals that the North Korean hacking group Lazarus has been targeting software developers, particularly those working in the Web3 industry, with information-stealing malware. The campaign, dubbed Phantom Circuit, poisoned multiple repositories with malicious code and infected over 1,500 victims, most of them located in Europe, India, and Brazil.

Lazarus's modus operandi is to take legitimate open source tools, inject them with malware, and re-upload the trojanised copies to code-hosting platforms such as GitLab. Developers who download these tainted copies, believing them to be the genuine tools, end up with infostealers on their systems. Compromised repositories identified in the report include Codementor, CoinProperty, and Web3 E-Store, along with other cryptocurrency-related apps and authentication packages.
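The tactic described above works because a re-uploaded copy of a tool looks like the original. One defensive check is to hash every file in a cloned copy and compare the result against a manifest taken from the trusted upstream release, so that added or altered files stand out before anything is executed. The script below is an added example written for this article, not code from SecurityScorecard's report or from any of the projects named; the "wallet-tool" package, its file contents and the injected file are all constructed for the demonstration.

```python
"""Added example (not from the article or the report it summarises): verify a
locally cloned copy of an open source tool against a trusted manifest of
file hashes, so a trojanised re-upload (extra or altered files) is flagged
before anyone runs it.
"""
import hashlib
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str) -> dict:
    """Map each file under root (relative path, POSIX separators) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = sha256_bytes(fh.read())
    return manifest


def compare_manifests(trusted: dict, observed: dict) -> dict:
    """Report files present only in the observed copy, missing from it,
    or whose contents differ from the trusted manifest."""
    added = sorted(set(observed) - set(trusted))
    removed = sorted(set(trusted) - set(observed))
    modified = sorted(p for p in set(trusted) & set(observed)
                      if trusted[p] != observed[p])
    return {"added": added, "removed": removed, "modified": modified}


def write_tree(root: str, files: dict) -> None:
    """Materialise a {relative_path: bytes} mapping on disk (test fixture helper)."""
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def demo() -> dict:
    """Constructed scenario: the genuine upstream release of a hypothetical
    'wallet-tool' package versus a re-uploaded copy in which one source file
    was altered to load an extra file that the upstream never shipped."""
    upstream = {
        "package.json": b'{"name": "wallet-tool", "version": "1.2.0"}\n',
        "src/index.js": b"module.exports = { connect() { return 'ok'; } };\n",
    }
    reupload = dict(upstream)
    reupload["src/index.js"] = upstream["src/index.js"] + b"require('./x');\n"
    reupload["src/x.js"] = b"// constructed placeholder standing in for an injected file\n"

    with tempfile.TemporaryDirectory() as trusted_dir, \
            tempfile.TemporaryDirectory() as cloned_dir:
        write_tree(trusted_dir, upstream)
        write_tree(cloned_dir, reupload)
        return compare_manifests(hash_tree(trusted_dir), hash_tree(cloned_dir))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

In practice the trusted manifest would be generated once from a release obtained through the project's official channel (or derived from a signed release artifact) and stored separately from the clone being checked; any non-empty "added" or "modified" list is a reason to stop and inspect before installing or building.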

Ryan Sherstobitoff, Senior VP of Research and Threat Intelligence at SecurityScorecard, described the range of tooling Lazarus has used in its attacks, but did not confirm whether known infostealers were used in this particular campaign. The group does, however, have a history of drawing on a variety of tools to achieve its objectives.

Lazarus is commonly associated with attacks on cryptocurrency companies, and the group is widely believed to steal cryptocurrency to fund North Korea's state apparatus and weapons programme. One of its notable tactics is the use of fake job offers under Operation DreamJob, in which Web3 developers are lured with lucrative positions and tricked into downloading malware during the interview process.

In one such instance, Lazarus stole approximately $600 million by exploiting weaknesses in the target's systems. The scale of that theft illustrates the sophisticated and financially motivated nature of the group's operations, which pose a significant threat to organisations and individuals alike.

Overall, the Phantom Circuit campaign is a stark reminder of the growing sophistication and persistence of state-sponsored threat actors. Developers and organisations that rely on open source tooling need to verify what they download and remain alert to copies of familiar projects that do not come from their original maintainers.
