North Korean state hackers had undetected access to the computer systems of Dutch companies from the aerospace and defence sectors for months. It is likely that high-quality knowledge was looted. The perpetrators also tried to steal money but failed.
This is according to research by cybersecurity company ESET.
This is what you need to know about Lazarus
The security company suspects that Lazarus is behind the cyber espionage. That is a hacker group with close ties to the North Korean intelligence and security service. Members mainly steal sensitive information from governments and international organizations. In addition, they try to loot money to pay for their operations. The group is said to have more than 6,000 members.
Lazarus has several major hacking attacks to its name. Security experts believe the hacker collective is responsible for the 2014 hack of Sony Pictures Entertainment. Much sensitive information from Sony was stolen and much of the network was destroyed.
The hacker group is also associated with the theft of $81 million from a bank in Bangladesh in 2016. It is rumoured that Lazarus is also responsible for the WannaCry ransomware attacks in 2017. Worldwide, 300,000 computers and laptops in 150 countries were infected with this ransomware. Last year, the US Department of Justice sued three IT programmers for allegedly working for the North Korean government.
Lazarus makes victims worldwide
According to ESET, Lazarus spied on Dutch companies active in the aerospace and defence sectors for months. The primary goal of this operation was to loot as much high-quality knowledge and sensitive data as possible. The hackers also tried to steal money, but without success.
Our country was not the only target of Lazarus. The hacker group also targeted defence and aerospace companies from France, Italy, Germany, Poland, Ukraine, Turkey, Qatar and Brazil.
Hackers posed as recruiters
Although the members used different types of malware, the modus operandi was always the same. One member of the group pretended to be a recruiter and approached employees via LinkedIn with a new job offer. In the email correspondence that followed, the fake recruiter sent malicious attachments. Once an attachment was opened and the malware installed, the attacker could access the corporate network and steal data undetected.
The same ‘recruitment campaign’ was applied everywhere. To make the scam even more credible, the hackers also used services such as WhatsApp and Slack. In the Netherlands, employees of a Dutch defence company were approached in September 2021 by a fake recruiter who supposedly worked for Amazon.
We are not yet rid of Lazarus
Dave Maasland, director of ESET Netherlands, tells NU.nl that it is difficult to determine whether and how much information has been stolen. But it is certain that they are not amateur hackers or script kiddies, according to him. “They are not house-garden criminals. We must assume that their attacks are usually successful and that they are difficult to detect. This cannot be prevented or solved one-two-three,” says Maasland.
The CEO says that the Lazarus hackers were last active in our country in March. That doesn’t mean we’re rid of them. “Maybe they realized they were being followed and went back to the drawing board. They are constantly working towards their goals, they keep going and they come back. And we can’t rule out that they are still active, that’s the honest story,” says Maasland.