Group: Lazarus group, COVELLITE, ...

From attackics
Group
ID: G0008
Associated Groups: Lazarus group, COVELLITE, HIDDEN COBRA, ZINC, Guardians of Peace
External Contributors: Dragos Threat Intelligence

Lazarus group is a suspected North Korean adversary group that has targeted networks associated with civilian electric energy in Europe, East Asia, and North America.[1][2] Links have been established associating this group with the WannaCry ransomware from 2017.[3] While WannaCry was not an ICS-focused attack, Lazarus group is considered to be a threat to ICS.

North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea.[1] Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.

Associated Group Descriptions

  • Lazarus group - [4][2][5]
  • COVELLITE - [2]
  • HIDDEN COBRA - [1][2]
  • ZINC - [6]
  • Guardians of Peace - [5]

Techniques Used

  • Spearphishing Attachment - Lazarus group has been observed targeting organizations using spearphishing documents with embedded malicious payloads.[4] Highly targeted spearphishing campaigns have been conducted against a U.S. electric grid company.[7]

Software