What is Lazarus 600M?

Lazarus 600M is a new cyber attack campaign that is believed to be backed by North Korea. The campaign is targeting financial institutions in the United States, with the aim of stealing large sums of money. According to reports, the group has already stolen more than $100 million from various banks and financial institutions around the world.

The campaign is believed to have started in late 2019 and is still ongoing. It is carried out using a variety of techniques, including spear-phishing emails, malware, and social engineering tactics. The attackers are using a range of different malware tools, including the “Anchor” malware, which is designed to give the attackers remote access to compromised systems.

How does the campaign work?

The Lazarus 600M campaign is highly sophisticated and involves a number of different stages. The first stage involves identifying potential targets and gathering information about them. This is done using a variety of techniques, including social engineering tactics and spear-phishing emails.

Once the attackers have identified a target, they will attempt to gain access to their systems using malware. This can be done in a number of ways, including by sending a malicious email attachment or by exploiting vulnerabilities in the target’s software.

After gaining access to a target’s system, the attackers use a range of techniques to move laterally through the network and reach other systems. This can involve using stolen credentials, exploiting vulnerabilities, or using social engineering tactics to trick users into giving them access.

With that access in place, they typically install a backdoor that allows them to maintain access even if the original entry point is discovered and closed off. They then use this access to steal sensitive data and carry out fraudulent transactions.

Who is behind the campaign?

While it is difficult to say for certain who is behind the Lazarus 600M campaign, there is strong evidence to suggest that it is backed by North Korea. The Lazarus group has been linked to a number of previous cyber attacks that have been attributed to North Korea, including the Sony Pictures hack and the WannaCry ransomware attack.

There are a number of reasons why North Korea might be carrying out these attacks. One possibility is that it is trying to raise funds for its nuclear weapons program. Another possibility is that it is trying to circumvent international sanctions by stealing money from foreign banks.

What can be done to prevent these attacks?

Preventing cyber attacks like Lazarus 600M is a complex and ongoing process. There are a number of steps that financial institutions can take to reduce their risk of being targeted by these attacks.

One of the most important steps is to ensure that all software and systems are kept up to date with the latest security patches. This can help to prevent attackers from exploiting known vulnerabilities in software.

Another important step is to educate employees about the risks of phishing emails and other social engineering tactics. By training employees to recognize and report suspicious emails, financial institutions can reduce their risk of falling victim to these attacks.

Finally, financial institutions should consider investing in advanced threat detection and response technologies. These technologies can help to detect and respond to cyber attacks in real time, reducing the damage caused by these attacks.

Conclusion:

The Lazarus 600M campaign is a highly sophisticated cyber attack campaign that is believed to be backed by North Korea. The campaign is targeting financial institutions in the United States, with the aim of stealing large sums of money. While preventing these attacks is a complex and ongoing process, there are a number of steps that financial institutions can take to reduce their risk of being targeted. By keeping software up to date, educating employees about the risks of phishing emails, and investing in advanced threat detection and response technologies, financial institutions can reduce their risk of falling victim to these attacks.
