
Lazarus Group returns with major spearphishing campaign

(Image credit: wk1003mike / Shutterstock)

North Korean hacking outfit Lazarus Group is targeting users around the world with a major new spearphishing campaign.

Security firm McAfee says it has found evidence linking Lazarus to the huge Operation Sharpshooter attack first detected last December, which uses sophisticated spearphishing emails disguised as job recruitment messages.

The attacks, which McAfee says are still ongoing today, have targeted the likes of defense, government, energy and critical infrastructure organisations across the world, using "extremely convincing" job recruitment emails to gain access to systems.

McAfee says that Operation Sharpshooter may have been in operation since September 2017, but this is the first time it could be attributed to Lazarus thanks to new technical information.

Back in December, the company said it looked like the hackers weren't making any concrete moves, but were instead focused on data gathering, getting as much information about their target systems as they could.

If a PC did get infected, it then downloaded the actual malware, called Rising Sun, which monitors network activity, gathers information from infected systems, and sends it back home. 

"We continue to see cybercriminals using spearphishing and other social engineering techniques to infiltrate their targets with a high degree of success," said Grant Bourzikas, Chief Information Security Officer at McAfee.

"As a CISO, it is imperative organizations take note of these methods and adopt a dual strategy with advanced email protection solutions and employee education to guard against these increasingly sophisticated attacks and protect their internal infrastructure."