Tuesday, May 13, 2025
HomeCyber AttackLazarus hacker Group Attack Defence Industries with custom-made Malware ThreatNeedle

Lazarus hacker Group Attack Defence Industries with custom-made Malware ThreatNeedle

Published on

SIEM as a Service

Follow Us on Google News

Lazarus has now added the defence industry to its growing list of victims. Lazarus is a North Korean hacking group that has been active since 2009. The group has primarily been linked with ransomware campaigns, cyberespionage, and attacks against the cryptocurrency market. 

Researchers at Kaspersky were made aware of the attack on the defence industry when they had responded to an incident, and had discovered a backdoor that was subsequently named ThreatNeedle. The main goal of the backdoor is to extract confidential information and send it to the attackers by moving laterally through the infected networks.

Spearphishing is the method commonly used to deliver ThreatNeedle to the targets. The malicious Word documents are written to sound like urgent communication and updates regarding COVID-19.

- Advertisement - Google News

ThreatNeedle is installed upon the document being opened, and this allows the attacker to take control of the infected machine.

Though this sounds like a regular malware that infects your system and steals data, it is nothing like it. It is more a malware on steroids than your run of the mill softwares. ThreatNeedle is capable of jumping between internet-facing office networks and restricted access operational technology (OT) networks where mission-critical hardware lives. 

The policies of the victim companies state that under no circumstance should data be able to be transferred between the two networks. However, administrators had the ability to connect to both solely for the purpose of maintenance.

“Lazarus was able to obtain control of administrator workstations and then set up a malicious gateway to attack the restricted network and to steal and extract confidential data from there. Not only were they able to overcome network segmentation, but they did extensive research to create highly personalized and effective spearphishing emails and built custom tools to extract the stolen information to a remote server. With industries still dealing with remote work and, thus, still more vulnerable, it is important that organizations take extra security precautions to safeguard against these types of advanced attacks, Kaspersky said.

Precautions to be taken:

  1. Extensive training to the staff regarding cybersecurity hygiene
  2. Teach and make the staff aware of the internal policies
  3.  Segmenting OT networks from IT networks
  4. Provide the latest threat intelligence to the security teams
  5. Have dedicated OT network security including but not limited to traffic monitoring, analysis, and threat detection.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...