The Qualys Research Team just announced it has identified a new Lazarus campaign using employment phishing lures targeting the defense sector.
February 2022 by Qualys
The APT group (state-sponsored hacking gang with ties to North Korea) has been impersonating Lockheed Martin in the latest operation – a company deeply involved in aeronautics, military technology, mission systems and space exploration.
Key information of the campaign:
• The identified variants target job applicants for Lockheed Martin Corporation.
o An American aerospace, arms, defense, information security, and technology corporation.
o The company generated $65.4 billion in sales in 2020 and has approximately 114,000 employees worldwide.
• This is thematically similar to other observed variants where Lazarus has posed as defense companies like Northrop Grumman and BAE Systems with job openings.
• Qualys refers to this campaign as “LolZarus” due to the use of different lolbins in observed samples – some of which are the lolbin’s first recorded usage by a well-known adversary.