Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Latest News on Lazarus Group CookiePlus Malware and Cyber Espionage Targeting Nuclear Engineers

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), was observed in January 2024 targeting at least two employees of an unnamed nuclear-related organization. The attacks involved a "complex infection chain" that culminated in the deployment of a new modular backdoor referred to as CookiePlus.

Key Highlights:

  • Targeted Organization: The attacks were directed at employees of a nuclear-related organization, indicating a specific and potentially high-stakes target.
  • Malware Deployment: The Lazarus Group used a multi-stage infection chain to deploy CookiePlus, a new modular backdoor.
  • Geopolitical Implications: The involvement of the Lazarus Group, a threat actor linked to North Korea, points to a state-sponsored cyber espionage operation.

North Korea Cyber Attacks 2024

Recent Developments:

  1. LockBit Developer Charged:

    • Rostislav Panev, a dual Russian and Israeli national, has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation from its inception in or around 2019 through at least February 2024.
  2. North Korean Sanctions Conspiracy:

    • The U.S. Department of Justice (DoJ) has indicted 14 nationals of the Democratic People's Republic of Korea (DPRK) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by fraudulently obtaining employment at U.S. companies and non-profit organizations.
  3. IOCONTROL Malware:

    • Iran-affiliated threat actors have been linked to IOCONTROL, a new custom malware that targets Internet of Things (IoT) and operational technology (OT) devices, including SCADA systems, in Israel and the United States.

Summary:

The Lazarus Group's recent activities, including the deployment of the CookiePlus backdoor against a nuclear-related organization, highlight the sophisticated and targeted nature of North Korean cyber espionage operations. The recent indictments and the IOCONTROL malware also underscore the ongoing threats from North Korea, Iran-affiliated actors, and ransomware operators.