
Gone are the days when cybercriminals were tech-savvy teenagers experimenting on the Internet, then posting their exploits on forums or creating malware just for fun or for revenge on those who bullied them at school. Today the cyber attacker landscape is extremely worrying: it ranges from unskilled rookies to large criminal groups with sophisticated tools, and even entire countries with armies of cyber soldiers. Today we will look at a very dangerous group called Lazarus.

Lazarus is known for perhaps the greatest cyber assault of all time: the attack on the Bangladesh Bank, which led to the theft of more than $100 million in February 2016. Lazarus has been behind numerous operations in the last decade, starting with DDoS attacks against South Korean websites, then targeting financial organizations and infrastructure in that country, followed by the attack on Sony Pictures in 2014 and the launch of the WannaCry ransomware in 2017.

In recent years, Lazarus began exploring ransomware and cryptocurrencies, and developed social engineering skills that it put to use during the COVID-19 pandemic, when pharmaceutical companies, including vaccine manufacturers, became some of its targets. Now this group is running DDoS campaigns, threatening companies with emails that say it will attack in seven days. The emails mention that the smallest attack will target a specific IP address, subnet or autonomous system, and that the maximum attack speed will be “2 Tbps”.

It appears that the attackers have expanded their target industries. The latest campaign targets energy, finance, insurance, manufacturing, utilities and retail, the researchers report, with most of the attacks targeting US companies or those with a global presence.

There are more differences between the group’s previous attacks and those that Proofpoint detected more recently. The new nickname, Fancy Lazarus, is the main change, says DeGrippo, and the emails are similar to those sent in December 2020. The threat actors send their campaigns when prices are most advantageous, trying to make more money when different currencies have a high valuation.

Organizations must be prepared to confront these criminal groups by ensuring that appropriate mitigations and a disaster recovery plan are in place. The right partnerships and technology to help filter DDoS traffic can aid in the response, and having a plan for when these attacks occur is key.
