The infamous APT hacking team "Lazarus" is behind two recent cyber attacks aimed at two separate entities investigating COVID-19. In one attack, a Ministry of Health entity was "infected" with malware. In the other attack, a different type of malware was used against a pharmaceutical company working on the development of a vaccine for COVID-19.
The attacks, which took place in the autumn of this year, were identified by Kaspersky investigators. Despite the use of different tactics, techniques and procedures (TTPs) in each attack, the researchers have confidently assessed that both malicious activities are attributable to the hacking group "Lazarus", which is said to be linked to South Korea.
Investigators found that on October 27, two Windows servers belonging to a Ministry of Health entity were infected with advanced malware known as "wAgent". After further analysis, it was found that the malware used against the public health office had the same infection pattern as Lazarus's previous attacks on encryption businesses.
The attack on the pharmaceutical company took place on September 25. The researchers found that the hackers used the Bookcode malware in a supply chain attack through software from a South Korean company. This type of malware has been reported in the past by the security company "ESET", which linked it to the hacking group "Lazarus".
The Bookcode and wAgent malware have similar functions: both are full-featured backdoors. After the final payload is deployed, the malware operator can take control of the victim's machine.
Seongsu Park, a security expert at Kaspersky, said the two cyberattacks reveal Lazarus' interest in information related to COVID-19. He added that while the hacking team is known mainly for its financially motivated activities, it is now proving that it can also "hit" strategic research.
Park therefore issued a warning to all organizations working on pandemic research and control, noting the following: "We believe that all entities currently involved in activities such as vaccine development or crisis management should be vigilant against cyber-attacks."