A sophisticated espionage campaign targeting aerospace and defense organizations is active, using a new Comebacker backdoor variant attributed to the Lazarus Group. The campaign relies on targeted spear phishing with malicious documents impersonating key industry organizations, and on encrypted command-and-control communications. #LazarusGroup #ComebackerBackdoor
Key points
- The Lazarus Group is deploying a new, more advanced Comebacker backdoor in targeted espionage operations.
- The attack chain begins with malicious Word documents disguised as communications from industry organizations like Airbus and IIT Kanpur.
- The malware uses sophisticated encryption (ChaCha20 and AES-128-CBC) for payloads and C&C communications, enhancing operational security.
- Multiple C&C domains, including office-theme[.]com and birancearea[.]com, are utilized for command infrastructure redundancy.
- The campaign’s focus on aerospace and defense sectors indicates strategic nation-state espionage objectives, requiring robust defense measures.
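Added example (not from the article or the linked write-up): a small defender-side check that refangs the two C&C domains quoted above and matches them against DNS query logs, counting subdomains as hits but not look-alike names that merely contain the indicator. The log line format and the log lines themselves are constructed for the example.

```python
import re

# Indicators exactly as the summary lists them, in defanged form
DEFANGED_C2_DOMAINS = ["office-theme[.]com", "birancearea[.]com"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' into a matchable hostname."""
    return indicator.replace("[.]", ".").lower().strip(".")


C2_DOMAINS = {refang(d) for d in DEFANGED_C2_DOMAINS}


def matches_c2(hostname: str) -> bool:
    """True if hostname is a known C&C domain or a subdomain of one.

    Suffix matching on '.' + domain avoids false positives on names like
    'office-theme.com.other.net' or 'notoffice-theme.com'.
    """
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in C2_DOMAINS)


# Constructed sample DNS log (assumed format: timestamp client "query:" qname qtype)
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.1.2.3 query: www.example.com A
2024-05-01T10:00:05Z 10.1.2.7 query: cdn.office-theme.com A
2024-05-01T10:00:09Z 10.1.2.3 query: office-theme.com.evil-lookalike.net A
2024-05-01T10:00:12Z 10.1.2.9 query: birancearea.com. A
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def find_c2_lookups(log_text: str) -> list:
    """Return one record per log line whose queried name matches a C&C domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        if matches_c2(m["qname"]):
            hits.append(
                {"ts": m["ts"], "client": m["client"], "qname": m["qname"].rstrip(".")}
            )
    return hits


if __name__ == "__main__":
    for hit in find_c2_lookups(SAMPLE_DNS_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']}")
```

Against the sample log this flags the `cdn.office-theme.com` and `birancearea.com` lookups and ignores the look-alike name; in practice, feed it your resolver or firewall logs and treat any hit as a host to isolate and examine for the dropper document described above.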
Read More: https://gbhackers.com/lazarus-group/