Lazarus Group hacked a South Korean financial organization twice in 2022. The first breach was due to the victim running an older software version; by the second breach the victim had updated the software, but the updated version contained a zero-day vulnerability. The researchers who tracked the flaw say they are waiting for the technical analysis to be completed before providing more details.
- The first breach happened in May 2022. In this cyberattack, the threat actor took advantage of a certificate software bug.
- This certificate software was also used by several universities, which may be related to the high number of cyberattacks that hit universities in 2022.
- Lazarus used a Bring Your Own Vulnerable Driver (BYOVD) technique to bypass security controls and anti-malware software.
- After breaching the organizations, the threat actor changed filenames to hide their activity.
- Lazarus was one of the most active threat actors in 2022. The group made headlines for stealing over $600M worth of cryptocurrency by breaching Axie Infinity's Ronin Bridge. This attack is the largest in the history of the cryptocurrency industry.