


North Korean Lazarus Group Starts Targeting Russian Organizations

February 20, 2019 / Lucian Constantin

In an unusual move, the Lazarus hacking group associated with the North Korean government has recently started targeting organizations from Russia. The group’s primary targets until now have been organizations from countries with which North Korea has geopolitical tensions, such as South Korea, Japan and the United States. Researchers from Check Point Software Technologies found malicious Word and Excel documents that had been uploaded to the VirusTotal scanner in January from Russia. The files contained malicious macros and images with Russian text, yet had a Korean code page. The text was meant to convince users to enable the macros, which triggered an infection chain that downloaded a malicious VBS script from a Dropbox account and executed it. That script then downloaded a CAB archive that contained the final payload, a remote access tool (RAT) dubbed KEYMARBLE. US-CERT issued an alert about KEYMARBLE in August and attributed it to Hidden Cobra, the name the organization ...