February 1, 2022

Lazarus APT delivers malware using Windows Update

Lazarus Group, one of the most sophisticated North Korean APTs, formed in 2009, has carried out a new attack in which the operators abused the Windows Update client to execute the malicious payload.

Lazarus APT is responsible for many high-profile attacks and has gained worldwide attention. The group's latest campaign was uncovered by researchers from Malwarebytes' Threat Intelligence Team.

The Malwarebytes team reported the rogue GitHub account for hosting harmful content and published detailed information about this latest security incident.

The diagram published by the researchers shows the full attack chain. The attack starts with malicious macros executed from a Word document; the malware then performs process injection and establishes startup persistence on the target system.

It is noteworthy that although Lazarus reused its well-known job-themed lure, this time the North Korean operators added new techniques: the Windows Update client was used to execute the malware, and GitHub served as the command-and-control server.
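As an added illustration (not code from the article or from Malwarebytes), the following Python sketch shows how a defender might turn the two techniques described above into detection logic over process-creation and network-connection telemetry. The event format, the sample events, and the heuristics themselves are assumptions of the example, not details reported on the page: it flags the Windows Update client binary (wuauclt.exe) when it is launched by an Office process or handed a DLL path outside the Windows directory, and it flags GitHub connections from processes that are not on an allow-list of browsers and developer tools.

```python
# Added example, not from the article or Malwarebytes. Event schema, sample
# events, allow-lists and heuristics are constructed assumptions for illustration.
import re
from dataclasses import dataclass
from typing import List, Optional

# Office processes that should never be the parent of the Windows Update client (assumed).
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Processes for which GitHub traffic is expected in this environment (assumed allow-list).
GITHUB_EXPECTED = {"chrome.exe", "msedge.exe", "firefox.exe", "git.exe", "code.exe"}
GITHUB_DOMAINS = ("github.com", "githubusercontent.com")
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
# Any absolute Windows path ending in .dll appearing on a command line.
DLL_ARG_RE = re.compile(r'([a-z]:\\[^\s"]+\.dll)', re.IGNORECASE)


@dataclass
class ProcessEvent:
    image: str          # full path of the created process
    command_line: str
    parent_image: str   # full path of the parent process


@dataclass
class NetworkEvent:
    image: str          # full path of the process making the connection
    dest_host: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_github_host(host: str) -> bool:
    h = host.lower()
    return any(h == d or h.endswith("." + d) for d in GITHUB_DOMAINS)


def check_process(ev: ProcessEvent) -> Optional[str]:
    """Alert when wuauclt.exe has an Office parent or is passed a non-system DLL path."""
    if basename(ev.image) != "wuauclt.exe":
        return None
    parent = basename(ev.parent_image)
    if parent in OFFICE_PROCESSES:
        return f"wuauclt.exe spawned by Office process {parent}"
    for dll in DLL_ARG_RE.findall(ev.command_line):
        if not WINDOWS_DIR_RE.match(dll):
            return f"wuauclt.exe passed DLL outside Windows directory: {dll}"
    return None


def check_network(ev: NetworkEvent) -> Optional[str]:
    """Alert when a non-allow-listed process talks to GitHub (possible C2 channel)."""
    proc = basename(ev.image)
    if is_github_host(ev.dest_host) and proc not in GITHUB_EXPECTED:
        return f"{proc} connected to {ev.dest_host}"
    return None


def scan(process_events: List[ProcessEvent], network_events: List[NetworkEvent]) -> List[str]:
    alerts = [a for a in map(check_process, process_events) if a]
    alerts += [a for a in map(check_network, network_events) if a]
    return alerts


# Constructed sample telemetry: one benign and two suspicious process events,
# one benign and one suspicious network event.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\wuauclt.exe", "wuauclt.exe /detectnow",
                 r"C:\Windows\System32\svchost.exe"),
    ProcessEvent(r"C:\Windows\System32\wuauclt.exe",
                 r"wuauclt.exe C:\Users\victim\AppData\Local\Temp\upd.dll",
                 r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\wuauclt.exe", "wuauclt.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
]
SAMPLE_NETWORK_EVENTS = [
    NetworkEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "github.com"),
    NetworkEvent(r"C:\Windows\System32\wuauclt.exe", "api.github.com"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_PROCESS_EVENTS, SAMPLE_NETWORK_EVENTS):
        print("ALERT:", alert)
```

The allow-list for GitHub traffic is the part that needs tuning per environment; the Windows Update client heuristics are narrow enough that the benign `/detectnow` invocation from svchost.exe passes silently while the two constructed suspicious launches are flagged.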

In a separate report, SafetyDetectives researchers published the results of their investigation, revealing that Securitas, a leading provider of on-site guarding and risk management services, exposed a whopping 3 terabytes of data, including over 1.5 million files.