The incident response team of HvS-Consulting AG was involved in the coordination, analysis, and remediation of multiple Advanced Persistent Threat (APT) intrusions at different European customers operating in the manufacturing and electrical industries. During incident response it turned out that the industries and products of the affected companies are related to each other, and that the observed Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs) can be attributed with high confidence to the APT group Lazarus, which is widely assessed to be linked to the North Korean government.
Download the full report for details of the threat actor's behavior and toolset in the later phases of the MITRE ATT&CK framework.
The IOCs and YARA rules identified during the investigation can be downloaded from our GitHub repository: https://github.com/hvs-consulting/ioc_signatures. Feel free to use them in your security monitoring stack or for APT hunting.
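As an added example of the "APT hunting" use of such an IOC list (this is not code from HvS-Consulting or from the linked repository, and it does not assume that repository's file format), the script below loads a small, constructed "type,value" indicator list, re-fangs defanged notation (`hxxp`, `[.]`), and runs the indicators over constructed proxy, firewall and EDR log lines. The indicator values, hostnames, IP addresses and hash are all made up for illustration; the matching rules (sub-domain hits count, a hash or IP must be a whole token, a URL is matched as a substring) are the design choices a practitioner typically has to make before feeding a published IOC list into a monitoring stack.

```python
"""Added example: minimal IOC matcher for hunting over log lines.

Not from HvS-Consulting or their ioc_signatures repository; the IOC list,
log lines, hostnames, IP addresses and hash below are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed indicator feed in a simple "type,value" form (hypothetical values,
# not real Lazarus indicators). Published IOC lists are often defanged
# ([.] and hxxp), so values must be normalised before matching.
SAMPLE_HASH = "0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2  # constructed 64-hex value
SAMPLE_IOCS = f"""\
# type,value
domain,update-service[.]example
ipv4,203.0.113.45
sha256,{SAMPLE_HASH}
url,hxxp://update-service[.]example/api/v1/status
"""

# Constructed log lines. Lines 4 and 5 are deliberate near-misses (IP prefix
# overlap, domain that merely starts with the indicator) that must NOT match.
SAMPLE_LOGS = [
    '2023-01-10T08:12:01Z proxy user=jdoe dst=cdn.update-service.example '
    'url="http://update-service.example/api/v1/status" status=200',
    '2023-01-10T08:12:05Z fw action=allow src=10.0.0.17 dst=203.0.113.45 dport=443',
    '2023-01-10T08:13:40Z edr host=ws042 event=file_create '
    'path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.dll sha256=' + SAMPLE_HASH,
    '2023-01-10T08:14:00Z fw action=allow src=10.0.0.17 dst=203.0.113.4 dport=443',
    '2023-01-10T08:15:00Z proxy user=asmith dst=update-service.example.org '
    'url="http://update-service.example.org/" status=200',
]


def refang(value: str) -> str:
    """Normalise a defanged indicator (hxxp, [.], (.), [:]) to its live form."""
    v = value.strip().lower()
    v = v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    v = re.sub(r"^hxxps?", lambda m: m.group(0).replace("xx", "tt"), v)
    return v


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse 'type,value' lines into {type: {value, ...}}, skipping comments."""
    iocs: Dict[str, Set[str]] = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        iocs[kind.strip()].add(refang(value))
    return dict(iocs)


def _compile(kind: str, value: str) -> "re.Pattern[str]":
    """Build a matcher that respects the indicator type's token boundaries."""
    esc = re.escape(value)
    if kind == "domain":
        # The domain itself or any sub-domain of it, but not a longer domain
        # that merely starts with it (e.g. update-service.example.org).
        return re.compile(rf"(?<![\w.-])(?:[\w-]+\.)*{esc}(?![\w.-])")
    if kind in ("ipv4", "md5", "sha1", "sha256"):
        # Whole-token match: 203.0.113.45 must not hit 203.0.113.450.
        return re.compile(rf"(?<![\w.]){esc}(?![\w.])")
    # URLs and anything else: plain substring match.
    return re.compile(esc)


def hunt(iocs: Dict[str, Set[str]], log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, ioc_type, ioc_value) for every indicator hit."""
    patterns = [
        (kind, value, _compile(kind, value))
        for kind, values in iocs.items()
        for value in sorted(values)
    ]
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(log_lines, 1):
        lowered = line.lower()
        for kind, value, pattern in patterns:
            if pattern.search(lowered):
                hits.append((lineno, kind, value))
    return hits


if __name__ == "__main__":
    for lineno, kind, value in hunt(parse_iocs(SAMPLE_IOCS), SAMPLE_LOGS):
        print(f"line {lineno}: {kind} indicator {value}")
```

In a real deployment the indicator list would be the repository's files rather than the inline sample, and the log source would be a SIEM export or a forwarder pipeline; the boundary rules above are the part worth keeping, because naive substring matching on a public IOC list is a reliable way to generate false positives on prefix-overlapping IPs and look-alike domains.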