Attackers from North Korea use Windows Update to spread malware

North Korean activist group Lazarus

According to Malwarebytes Labs, the popular North Korean activist group Lazarus is leveraging the Windows Update programme to distribute malicious code, circumventing security safeguards, and using GitHub as a command and control server for its current attacks. The latest campaign was discovered last week in two Word documents used in a spear-phishing attempt involving false Lockheed Martin job offers, according to Malwarebytes Threat Intelligence.

Lazarus’ mission is to infiltrate high-tech government organisations specialising in military and aerospace and steal as much intelligence data as possible.

Lockheed Martin JobOpportunities.docx and Salary Lockheed Martin job opportunities confidential.doc are the names of the two documents. As their names suggest, both documents appear to bait targets with new Lockheed Martin job openings.

Once triggered, a sequence of malicious macro commands embedded in the Word documents begins infiltrating the system, embedding code into the computer’s start-up system to ensure that a restart does not kill the virus.

Surprisingly, a malicious DLL is installed through the Windows Update Client as part of the injection procedure. This is incredibly clever because it gets past security detection systems.
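Defenders can look for this behaviour in process-creation telemetry. The triage sketch below is an added example, not code from Malwarebytes or from this article; it assumes the client binary is `wuauclt.exe` invoked with its `/UpdateDeploymentProvider` and `/RunHandlerComServer` options, and the event fields, allowlist, expected parent and sample events are all constructed.

```python
import re

WUAUCLT = "wuauclt.exe"
# Assumptions to tune per fleet: directories Windows itself passes DLLs from,
# and the parent expected to start the Windows Update client.
ALLOWED_DLL_DIRS = ("c:\\windows\\uus\\", "c:\\windows\\winsxs\\")
EXPECTED_PARENTS = ("svchost.exe",)
# Unquoted DLL paths without spaces; quoted paths with spaces are not handled here.
DLL_ARG = re.compile(r'[A-Za-z]:\\[^\s"]+\.dll', re.IGNORECASE)

# Constructed process-creation events (Sysmon Event ID 1 style), not from the report.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wuauclt.exe", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"wuauclt.exe /detectnow"},
    {"image": r"C:\Windows\System32\wuauclt.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"wuauclt.exe /UpdateDeploymentProvider C:\Users\Public\example.dll /RunHandlerComServer"},
    {"image": r"C:\Windows\System32\wuauclt.exe", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"wuauclt.exe /UpdateDeploymentProvider C:\Windows\UUS\amd64\UpdateDeploy.dll /ClassId 00000000-0000-0000-0000-000000000000"},
    {"image": r"C:\Windows\System32\wuauclt.exe", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"wuauclt.exe /UpdateDeploymentProvider C:\Windows\System32\example.dll /RunHandlerComServer"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"notepad.exe C:\Temp\notes.dll"},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return (severity, reasons) for one process-creation event."""
    if basename(event["image"]) != WUAUCLT:
        return ("none", [])
    reasons = []
    dlls = [d for d in DLL_ARG.findall(event["cmdline"])
            if not d.lower().startswith(ALLOWED_DLL_DIRS)]
    if dlls:
        reasons.append("DLL argument outside allowlist: " + ", ".join(dlls))
    if basename(event["parent"]) not in EXPECTED_PARENTS:
        reasons.append("unexpected parent: " + basename(event["parent"]))
    # A DLL handed to the update client is the strong signal; a System32 path is not trusted.
    severity = "high" if dlls else ("low" if reasons else "none")
    return (severity, reasons)

def scan(events):
    """Return (index, severity, reasons) for every event worth an analyst's look."""
    results = [(i, *triage(e)) for i, e in enumerate(events)]
    return [r for r in results if r[1] != "none"]

if __name__ == "__main__":
    for idx, severity, reasons in scan(SAMPLE_EVENTS):
        print(idx, severity, "; ".join(reasons))
```

The allowlist is deliberately narrow: a DLL path under System32 is still flagged, because a file's location alone says nothing about who wrote it there.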

Although the attack approach is novel, the phishing strategy is not. It’s the same tactic Lazarus has been employing for over a year, codenamed “Dream Job.” This strategy dupes government personnel into believing they are suitable for a highly sought-after position, only for them to discover that it was all a ruse to steal sensitive data from their computers.

Malwarebytes, ESET, and McAfee are all keeping a close eye on Lazarus to see what it will do next. The attacker’s last campaign was a huge success, with hundreds of firms and organisations around the world, including Israel, being compromised.

Arjun Gopireddy
Arjun is an Information Security Specialist, and his main role is to support our clients by identifying and advising on mitigating information security risks. Holding a Master’s degree in Cyber Security (UK) and Engineering Management (USA) his knowledge and skills are shared with our clients. Outside of work Arjun likes watching movies, travelling, playing cricket, football and doing adventurous things such as sky diving. He is the biggest fan of Yuvraj Singh – a former Indian international cricketer.