Energy providers hacked globally by North Korean Lazarus Group
Between February and July 2022, the Lazarus Group ran a malicious campaign against energy providers all over the world. The campaign was previously revealed in part by Symantec and AhnLab in April and May. Cisco Talos now provides additional details on the North Korean threat actor’s operations.
Between February and July 2022, the North Korean threat actor Lazarus Group ran a malicious campaign against energy providers all over the world. The campaign was previously revealed in part by Symantec and AhnLab in April and May, and Cisco Talos is now providing additional details.
In an advisory on Thursday, security researchers said that the Lazarus campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain initial access to targeted organisations. Cisco Talos states that the recent Lazarus attacks have targeted energy providers from various countries, including the United States, Canada, and Japan.
The new Cisco Talos advisory is just the latest in a long line of documents detailing the Lazarus Group’s hacking operations this summer. Elliptic, a blockchain analytics company, suggested in June that the threat actor was responsible for the US$100 million theft from cryptocurrency firm Harmony. The Block recently linked the group to Axie Infinity’s US$600 million hack.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.