North Korean hackers have reportedly stolen 100GB of data from a leading research university, as well as from organizations in the healthcare, defense, and energy sectors, among others.

 

Lazarus Group is believed to be behind the campaign.


  • Lazarus Group is believed to have used two flaws to breach its targets:
  • Researchers claim that Lazarus has changed some of its methods: it now uses only IP addresses for its infrastructure and has dropped domain names altogether.
  • The group is believed to have used new Dtrack and GREASE malware variants.
  • Once the hackers breached the victims, they moved laterally for over two months to gain access credentials and steal data.
  • The campaign was deployed between August and November 2022, reaching its peak damage level in November.
  • The Kimsuky hacker group may also have been involved, because GREASE malware, which is tied to Kimsuky, was used in the campaign.
  • Security researchers concluded that the time zone in which the hackers were most active is UTC+9, which covers the Korean peninsula.
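
One way a defender might hunt for the IP-only infrastructure described in the list above is to flag proxy requests whose destination is a raw IP address rather than a DNS name. This is an added example, not taken from the research summarized here; the log format, client names, addresses and the list of internal ranges are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log (documentation-range IPs, made-up clients).
SAMPLE_LOG = """\
2022-11-03T01:12:09Z ws-114 GET http://203.0.113.45/update/check.php
2022-11-03T01:12:40Z ws-114 CONNECT 203.0.113.45:443
2022-11-03T01:13:02Z ws-020 GET https://intranet.example.org/index.html
2022-11-03T01:15:27Z ws-020 GET http://10.1.4.7:8080/status
2022-11-03T01:16:55Z srv-db2 CONNECT [2001:db8::5]:8443
2022-11-03T01:17:30Z srv-db2 GET http://198.51.100.9.example.net/a
malformed line
"""

# Assumption: these ranges are "internal" and not worth flagging.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def target_host(method, target):
    """Return the host part of a proxy request target, or None."""
    # CONNECT targets are "host:port" with no scheme; "//" marks a netloc.
    url = "//" + target if method == "CONNECT" else target
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None

def direct_ip_destinations(log_text):
    """Count requests per (client, external IP) that used no DNS name."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, method, target = parts
        try:
            ip = ipaddress.ip_address(target_host(method, target) or "")
        except ValueError:
            continue  # destination is a DNS name (or unparsable)
        if any(ip in net for net in INTERNAL_NETS):
            continue
        hits[(client, str(ip))] += 1
    return hits

if __name__ == "__main__":
    for (client, ip), n in direct_ip_destinations(SAMPLE_LOG).items():
        print(f"{client} -> {ip}: {n} request(s)")
```

Direct-to-IP traffic also occurs legitimately, so the output is a list of hunting leads to correlate with DNS and endpoint logs rather than a set of alerts.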
