Summary: Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign named “Operation SyncHole,” attributed to the Lazarus group, which targets critical sectors in South Korea. The attackers utilized a combination of watering hole tactics and exploitation of software vulnerabilities, allowing them to deploy advanced malware strains. Their approach reflects an evolution towards stealth and modularity in malware design.
Affected: South Korean critical industries (software, IT, financial, semiconductor, telecommunications)
Key points:
- Operation SyncHole began with watering hole attacks redirecting victims to attacker-controlled pages.
- The Lazarus group exploited vulnerabilities in Cross EX and Innorix Agent for malware injection and lateral movement.
- New malware variants exhibited advanced techniques, including in-memory execution and hybrid control mechanisms.
Source: https://securityonline.info/lazarus-groups-operation-synchole-targets-south-korean-industries/