The notorious North Korean APT group Lazarus seems to be participating in coordinated attacks against Russia-based companies for the first time, IT-online reported.
According to researchers at Check Point, the attacks over the past several weeks were likely launched by the Lazarus subdivision “Bluenoroff, whose main focus is monetization and global espionage campaigns.”
North Korea's decision to launch cyber-attacks against Russia is an “unusual choice,” the software company said, as “usually, these attacks reflect the geopolitical tensions between the DPRK and nations such as the U.S., Japan and South Korea. In this case, though, it is probably Russian organizations who are the targets.”
According to the research, the North Korean hackers have been targeting Russian firms with emails containing malicious Microsoft Office documents. If a recipient opens the attachment, malicious code is launched that installs the KEYMARBLE backdoor malware on the victim’s system.
The Lazarus Group is widely considered to be among the most dangerous hacking groups out there. While it has targeted numerous organizations across the globe, including Sony Pictures in 2014, the group has not gone after Russian firms until now, probably because of the relatively good relations between Russia and North Korea.
Multiple attacks against cryptocurrency exchanges and mining marketplaces were also attributed to Lazarus between 2017 and 2018 by Russian cyber-security vendor Group-IB, apparently netting the group more than $550 million.
Check Point’s researchers are therefore surprised by the new campaign and have no direct explanation for why Lazarus Group has suddenly decided to go after Russian targets.