
Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Analysts have identified new infrastructure belonging to the Lazarus Advanced Persistent Threat (APT) group: a domain registered shortly before the $1.4 billion Bybit cryptocurrency heist, tied to an email address used in the group's earlier attacks. Logs associated with the group's test records contained 27 unique Astrill VPN IP addresses. The ongoing campaign uses fake job interviews on LinkedIn to lure victims into downloading malware. The research also uncovered connections to multiple further domains likely forming part of Lazarus infrastructure, centred on employment scams targeting the cryptocurrency community. The group's tradecraft combines sophisticated social engineering with malware deployment.

OPENCTI LABELS :

apt,phishing,social engineering,north korea,cryptocurrency,bybit



