web analytics
Home » Technology » Microsoft » Windows » North Korean Hackers Use Windows Update and GitHub to Attack

North Korean Hackers Use Windows Update and GitHub to Attack

Security researchers at Malwarebytes have discovered an insidious spear phishing campaign launched by North Korean hacker group Lazarus. In the new campaign, the hackers took advantage of Windows Update and circumvented security measures. That comes from a Malwarebytes Report. Lazarus is one of the most advanced North Korean hacking groups, active since at least 2009. The group is responsible for many attacks in the past and has received worldwide attention – targets mainly include key companies, government agencies and politicians. Malwarebytes has been tracking the group’s activities for a long time and was able to discover a new campaign on January 18, 2022. Infographic: These are the most successful subject lines in phishing. Hacker groups such as Lazarus are simply called Advanced Persistent Threat or APT hackers, because they target victims and do not use botnets to search for possible victims, for example. This is now the case with the newly discovered campaign, although Malwarebytes does not state which target it was in the public report. But the campaign itself is tricky: The group used manipulated, malicious documents claiming to be offering a job at Lockheed Martin. They are specifically emailed to employees of a group.

Windows update for downloads

The Lazarus group used Windows Update to bypass security detection mechanisms. Malwarebytes notes that this is a “clever” use of Windows Update: “This is an interesting technique that Lazarus uses to run its malicious DLL via Windows Update Client, bypassing its security detection mechanisms,” according to Malwarebytes. “This method allows the threat actor to run its malicious code through the Microsoft Windows Update client?”. The Lazarus group also used GitHub for their attack. Using GitHub makes it difficult for security products to distinguish between malicious and legitimate content. This is the first time Malwarebytes has observed the group using GitHub in this way. The Lazarus group had previously used spear phishing tactics to obtain COVID-19 research. Lazarus has also been linked to the well-known attack on Sony and the WannaCry ransomware attack. Malwarebytes has made sure that Github has removed all used documents. Not much is known about the attack at this time.
To download How Defender and Other Antivirus Apps Don’t Work in Parallel , hacked, data processing, china hacker, russian hacker, security report, malware warning, protection