Operation SyncHole: Lazarus APT targets supply chains in South Korea

Summary: Kaspersky researchers reported that the North Korean APT group Lazarus has targeted at least six South Korean firms in a sophisticated cyber espionage campaign called Operation SyncHole, exploiting vulnerabilities in local software. The campaign has been ongoing since November 2024, utilizing various malware and tactics including watering hole attacks to infiltrate sectors such as IT, finance, semiconductors, and telecoms. Kaspersky has issued warnings and identified multiple phases of the attack, showcasing the group’s adaptability and focus on stealth.

Affected: South Korean organizations in IT, finance, semiconductors, and telecommunications

Key points:

  • The Lazarus group exploited vulnerabilities in South Korean software, specifically Innorix Agent and Cross EX, for lateral movement and malware deployment.
  • Operation SyncHole consisted of two phases, transitioning from ThreatNeedle and wAgent malware to SIGNBT and COPPERHEDGE in response to initial detections.
  • The campaign underscores the ongoing threat to South Korean supply chains and highlights the necessity for enhanced cybersecurity measures against evolving attack methodologies.

Source: https://securityaffairs.com/176964/apt/operation-synchole-lazarus-apt-targets-supply-chains-in-south-korea.html