Greetings from Lazarus

Full report, IOCs and YARA rules of multiple Advanced Persistent Threats (APT)

Anatomy of a cyber espionage campaign

The incident response team of HvS-Consulting AG was involved in the coordination, analysis, and remediation of multiple Advanced Persistent Threat (APT) incidents at different European customers operating in the manufacturing and electrical industries. During incident response it turned out that the industries and products of the affected companies are related to each other, and that the observed Tactics, Techniques & Procedures (TTP) and Indicators of Compromise (IOC) can be attributed with high confidence to the APT group Lazarus, which is considered to belong to the North Korean government.

Download the full report, which includes details of the threat actor's behavior and the toolset used in the later phases of the MITRE ATT&CK framework. In addition, the identified IOCs and YARA rules are available in our GitHub repository. Feel free to use them in security monitoring or for APT hunting.

Lazarus Report