Lazarus Groups Adaptive TTPs to Mislead Cybersecurity Researchers The Dark Seoul operation is believed to be controlled by Bureau 121, within North Korea's RGB. The Ghost RAT is believed to be controlled by the Dark Seoul cyber operation. Both the IP addresses associated with the Ghost RAT fell within the same range as one of the IP addresses (175.45.178.222) that Group-IB researchers linked to Lazarus Group cyberattacks that have occurred since March 2016. The two IP addresses were associated with the Ghost Remote Access Trojan (RAT).
#Lazarus group motives tv#
Group-IB's investigation turned up a 2016 South Korean Arirang TV Agency report, in which the researchers noticed two IP addresses (175.45.178.19 and 175.45.178.97) in the background on a news graphic. The researchers found additional links while revisiting past cyberattacks believed to have originated in North Korea.
"The second IP address relates to Potonggang District, perhaps coincidentally, where National Defence Commission is located - the highest military body in North Korea," the report notes. Group-IB's research included a "broad range of data, both technical and strategic, which places clear attribution on North Korea," the report said.īased on a detailed study of attack infrastructure, Group-IB traced the origin of Lazarus Group's cyberattacks through a three-tiered C&C architecture to two North Korean internet protocol (IP) addresses: 210.52.109.22 and 175.45.178.222. Threat actors can reuse source code, the researchers noted, which often prevents conclusive attribution. In the 53-page report, Group-IB researchers said they broadened their investigation from just Lazarus Group's malware code. Yet, the evidence to support these conclusions continues to mount. Still, many stopped short of claiming a direct link or attributing Lazarus hacks to North Korea's military. Much evidence pointed to a close association between Lazarus Group and the North Korean military. The hackers also pulled off "several successful attacks without employing 0-day exploits."Ĭybersecurity researchers have studied the mysterious Lazarus Group for years. Lazarus Group "demonstrated a flexible approach to attacks by applying different hacking tools, which prevented their detection by endpoint security solutions," the researchers wrote.
0 kommentar(er)
