Energy providers hacked globally by North Korean Lazarus Group

Between February and July 2022, the North Korean threat actor Lazarus Group ran a malicious campaign against energy providers all over the world. The campaign was previously revealed in part by Symantec and AhnLab in April and May, and Cisco Talos is now providing additional details.

In an advisory on Thursday, security researchers said that the Lazarus campaign involved the exploitation of vulnerabilities in VMware Horizon to gain initial access to targeted organisations. Cisco Talos states that the recent Lazarus attacks have targeted energy providers from various countries, including the United States, Canada, and Japan.

The new Cisco Talos advisory is just the latest in a long line of documents detailing the Lazarus Group’s hacking operations this summer. Elliptic, a blockchain analytics company, suggested in June that the threat actor was responsible for the US$100 million theft from cryptocurrency firm Harmony. The Block recently linked the group to Axie Infinity’s US$600 million hack.