Lazarus APT updates its toolset in watering hole attacks
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Lazarus group has launched a sophisticated attack campaign dubbed 'Operation SyncHole' targeting South Korean organizations. The operation combines watering hole attacks with exploitation of vulnerabilities in South Korean software. At least six organizations in the software, IT, financial, semiconductor manufacturing, and telecommunications industries were compromised. The attackers utilized updated versions of known Lazarus malware tools, including ThreatNeedle, wAgent, and COPPERHEDGE. They also exploited vulnerabilities in Cross EX and Innorix Agent software for initial access and lateral movement. The campaign demonstrates Lazarus' ongoing focus on supply chain attacks targeting South Korean entities and their deep understanding of the local software ecosystem.
OPENCTI LABELS:
apt, supply chain, watering hole, south korea, vulnerability exploitation, copperhedge, threatneedle, agamemnon downloader, signbt, wagent