Lazarus launches malware attack on Corona Virus vaccine research


Lazarus Group, a well-known hacking group from North Korea, is reported to have launched malware attacks on two separate private entities involved in vaccine research to curb the spread of the COVID-19 pandemic. In both incidents, the malware infected the entire network by sneaking in through Windows software.

According to what is known to Cybersecurity Insiders, the first attack took place at the end of September, when a malware named Bookcode was used to sneak into the network of the pharmaceutical company AstraZeneca to steal vaccine manufacturing information. In the other case, a malware named wAgent was used to attack a network related to the Ministry of Health.

In both cases, the hackers only entered the network and gained no classified information.

Although both attacks were launched within a 30-day time frame, the attributes observed in the attacks appear to be connected with the well-known Lazarus Group, which is funded by the Kim Jong Un led government.

Lazarus, also known by names such as Hidden Cobra (named by the FBI) and Zinc (named by Microsoft), targets companies, governments, and websites with data-stealing malware. Some hacks conducted by the group are as follows:

1.) The data breach of Sony Pictures in 2014, where the hackers are said to have stolen large amounts of data and ended up revealing themselves as “Guardians of Peace”.

2.) Lazarus launched a secret digital campaign under the name “Operation Troy”, in which the Mydoom and Dozer malware were used to launch DDoS attacks on some renowned South Korean and US websites.

3.) A massive ransomware attack was launched in May 2017, when over 300,000 computer systems worldwide were locked down with file-encrypting malware. It was later found that the malware infected only machines running Microsoft Windows, and it was named WannaCry.

Note- Lazarus can be categorized into two hacking groups, BlueNorOff and AndAriel. The first engages in activities such as illegal money transfers and cryptocurrency theft, while the second is seen targeting only government, defense, and private entities operating across South Korea.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
