Cyberattack on Medical and Energy Sector by Lazarus Group

Threat Level
Attack Report

Summary

The North Korean state-sponsored Lazarus Group conducted a cyberattack that targeted public and private sector research organizations, the medical research and energy sector, and their supply chain for intelligence benefit. The attackers exploited known vulnerabilities in unpatched Zimbra devices, used off-the-shelf webshells and custom binaries, and abused legitimate Windows and Unix tools.