Who is the Lazarus Group?
The Lazarus Group is a North Korean threat actor group that has stepped up its activity since the coronavirus outbreak, notably with ‘fileless’ attacks, new malware samples, and attacks on cryptocurrency businesses.
Targeted countries: India, Japan, Singapore, South Korea, the US, and the UK.
Tactics, techniques, and procedures: Phishing attacks, credential harvesting, impersonation, website spoofing, and data exfiltration
Motive: Theft of personal and financial information. The phishing emails are crafted to look as though they were sent by the local authorities dispensing government-funded COVID-19 support, and push recipients to fake websites where they are tricked into entering personal and financial details.
Evidence: Cyfirma intercepted seven email templates impersonating government departments and institutions, including the Bank of England, Singapore’s Ministry of Manpower, and Japan’s Ministry of Finance.
Known sender addresses used by the Lazarus Group in this campaign (note that all of them sit on the legitimate domains of the impersonated institutions, so the From header is spoofed rather than sent from a domain the group controls; defenders should match on failed SPF/DKIM/DMARC for these domains, not on the addresses alone):
covid19notice@usda.gov
ccff-applications@bankofengland.co.uk
covid-support@mom.gov.sg
covid-support@mof.go.jp
ncov2019@gov.in
fppr@korea.kr
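As an added example, not tooling from Cyfirma or this article, the Python below triages inbound mail against the addresses listed above: an exact match is quarantined, mail claiming one of those government domains that does not pass DMARC (or both SPF and DKIM) is quarantined, and a display name that names one of the impersonated institutions while the sender domain is unrelated is flagged for review. The sample messages, their sender local parts other than the ones listed above, and the verifying host mx.example.net are constructed for illustration.

```python
"""Triage inbound mail against the campaign sender list above.

Added example, not tooling from Cyfirma or the article. The messages at the
bottom are constructed; the Authentication-Results header format follows
RFC 8601, and the verifying host "mx.example.net" is assumed.
"""
import email
from email.utils import parseaddr

# Sender addresses the article attributes to the campaign.
CAMPAIGN_SENDERS = {
    "covid19notice@usda.gov",
    "ccff-applications@bankofengland.co.uk",
    "covid-support@mom.gov.sg",
    "covid-support@mof.go.jp",
    "ncov2019@gov.in",
    "fppr@korea.kr",
}

# These addresses sit on the institutions' real domains, so the From header
# is spoofed. Mail claiming one of these domains that fails authentication
# is suspect whatever the local part says.
IMPERSONATED_DOMAINS = {a.split("@", 1)[1] for a in CAMPAIGN_SENDERS}

# Institution names the article says the templates impersonate, used to
# catch display-name spoofing from an unrelated sender domain.
IMPERSONATED_ORGS = ("bank of england", "ministry of manpower", "ministry of finance")


def auth_results(msg):
    """Parse Authentication-Results into {'spf': ..., 'dkim': ..., 'dmarc': ...}.

    Each method maps to its result token ('pass', 'fail', 'none', ...);
    methods absent from the header default to 'none'.
    """
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        # First ';'-separated field is the authserv-id; the rest are
        # "method=result [comment] [properties]" clauses.
        for clause in header.split(";")[1:]:
            method, _, rest = clause.strip().partition("=")
            method, tokens = method.strip().lower(), rest.split()
            if method in results and tokens:
                results[method] = tokens[0].lower()
    return results


def triage(raw_message):
    """Classify one RFC 5322 message. Returns (verdict, reason)."""
    msg = email.message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    auth = auth_results(msg)
    # A DMARC pass is sufficient; otherwise require both SPF and DKIM.
    authenticated = auth["dmarc"] == "pass" or (
        auth["spf"] == "pass" and auth["dkim"] == "pass"
    )

    if addr in CAMPAIGN_SENDERS:
        return "quarantine", f"known campaign sender {addr}"
    if domain in IMPERSONATED_DOMAINS and not authenticated:
        return "quarantine", f"{domain} claimed but not authenticated: {auth}"
    claimed = next((o for o in IMPERSONATED_ORGS if o in display_name.lower()), None)
    if claimed and domain not in IMPERSONATED_DOMAINS:
        return "review", f"display name claims '{claimed}' but sender domain is {domain}"
    return "allow", "no campaign indicator"


# Constructed samples (header lines left unfolded for readability).
SPOOFED_KNOWN_SENDER = """\
Authentication-Results: mx.example.net; spf=fail (203.0.113.7 not permitted) smtp.mailfrom=bankofengland.co.uk; dkim=none; dmarc=fail (p=reject) header.from=bankofengland.co.uk
From: "Bank of England CCFF" <ccff-applications@bankofengland.co.uk>
Subject: Covid Corporate Financing Facility application

Confirm your details at the portal below.
"""

# Local part is constructed, not a reported indicator: the domain check
# still catches it because authentication fails.
SPOOFED_NEW_LOCAL_PART = """\
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=mof.go.jp; dkim=none; dmarc=fail (p=quarantine) header.from=mof.go.jp
From: "Ministry of Finance" <relief-example@mof.go.jp>
Subject: COVID-19 business relief payment

Your payment is pending verification.
"""

DISPLAY_NAME_ONLY = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-relay.example; dkim=pass header.d=mail-relay.example; dmarc=none
From: "Ministry of Manpower" <support@mail-relay.example>
Subject: Support scheme update

See attached.
"""

GENUINE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mof.go.jp; dkim=pass header.d=mof.go.jp; dmarc=pass (p=reject) header.from=mof.go.jp
From: "Ministry of Finance" <press@mof.go.jp>
Subject: Press release

Routine announcement.
"""

if __name__ == "__main__":
    for label, raw in [("known sender", SPOOFED_KNOWN_SENDER),
                       ("new local part", SPOOFED_NEW_LOCAL_PART),
                       ("display name only", DISPLAY_NAME_ONLY),
                       ("genuine", GENUINE)]:
        verdict, reason = triage(raw)
        print(f"{label:18} {verdict:10} {reason}")
```

The domain check is the one that matters operationally: the listed local parts can be changed at will by the attacker, but a message claiming usda.gov or mof.go.jp that fails SPF, DKIM and DMARC is spoofed regardless of the address, which is why the example keys on the impersonated domains rather than on the address list alone.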