Today, the Symantec Threat Hunter Team released a blog post reporting that it had observed an advanced persistent threat (APT) group known as Lazarus orchestrating an espionage campaign targeting organizations in the chemical sector.
The group behind the attack, Lazarus, appears to be continuing Operation Dream Job, a malicious campaign first discovered in August 2020, in which attackers email enticing fake job offers to employees to trick them into opening malware attachments or clicking on links to malware-hosting websites.
While this attack primarily targeted organizations in the chemical sector, it also targeted a number of companies in the IT sector as well as individuals across the defense, government, and engineering sectors.
Why enterprises need a strategy to mitigate espionage-style attacks
Many organizations have long feared the trend of state-sponsored attacks, with 80% of organizations reporting that they worry about falling victim to a nation-state cyberattack.
Now that Lazarus is using these espionage tactics to steal intellectual property, more attackers are going to start imitating these methods to gain access to protected information and regulated data across all sectors.
“The first thing to say is that espionage operations of this kind can and do target private organizations. We’ve seen Operation Dream Job hit a range of sectors at this stage. To protect themselves, organizations should adopt a defense in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of the potential attack chain,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter Team.
This latest attack has highlighted that spear phishing is one of the most powerful tools that threat actors have at their disposal, as an attacker only needs to trick an employee into clicking on a single malicious link or attachment to gain a foothold in the environment.
A single click on a link or attachment can infect their computer with malware and provide an entry point to the network, where the attacker can begin moving laterally to locate critical data assets to steal.
“It had all the hallmarks of a classic cyber espionage operation, from the enticing initial lure of a fake job offer, to their ability to obtain credentials, move laterally across the target’s network and ensure that they maintain a persistent presence on the network in order to get the information they’re looking for. It’s obvious that they’re veteran operators, with the knowledge of how to fly under the radar by maximizing their use of operating system features, legitimate tools, or Trojanized versions of legitimate tools,” O’Brien said.
How to stop espionage attempts
Defending against an attack orchestrated by an APT is no easy feat. It only takes one employee clicking on a link to cause a full-blown data breach. As a result, organizations need to optimize their security defenses if they want to be prepared to mitigate espionage threats.
Measures that O’Brien recommends include implementing solutions for monitoring and detecting threats throughout your IT environment, ensuring the latest version of PowerShell is deployed with logging enabled, and auditing and controlling administrative account usage.
O’Brien also highlights the importance of organizations raising employee awareness of spear phishing, so that they’re equipped to spot manipulation attempts whenever they encounter them.
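One way to check a single Windows host against the PowerShell and administrative-account measures listed above. This is an added example, not code from Symantec or the original article; it assumes logging is configured through the standard Group Policy registry keys, uses the client Windows feature name for the legacy 2.0 engine, and takes a 24-hour window as an arbitrary choice.

```powershell
# Added example: read-only audit, run from an elevated Windows PowerShell 5.1 session.
# Assumption: logging is set through Group Policy, so flags live under the Policies hive.

function Get-PolicyFlag {
    param([string]$SubKey, [string]$ValueName)
    $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\$SubKey"
    $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
    # A missing key or value means the policy is not configured: report it as disabled.
    return ($null -ne $item -and $item.$ValueName -eq 1)
}

$report = [ordered]@{
    ComputerName       = $env:COMPUTERNAME
    PowerShellVersion  = $PSVersionTable.PSVersion.ToString()
    ScriptBlockLogging = Get-PolicyFlag 'ScriptBlockLogging' 'EnableScriptBlockLogging'
    ModuleLogging      = Get-PolicyFlag 'ModuleLogging' 'EnableModuleLogging'
    Transcription      = Get-PolicyFlag 'Transcription' 'EnableTranscripting'
}

# The legacy 2.0 engine predates script block logging, so flag it if it is still installed.
# Assumption: client Windows feature name; the lookup returns nothing where it does not exist.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' `
        -ErrorAction SilentlyContinue
$report.LegacyV2Engine = if ($v2) { $v2.State.ToString() } else { 'NotFound' }

# A policy flag alone does not prove events are being written: count recent 4104
# (script block) records in the PowerShell operational log.
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddHours(-24)   # assumption: 24-hour look-back
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$report.ScriptBlockEvents24h = $events.Count

# Administrative account usage starts with knowing who holds the right:
# list members of the built-in Administrators group by its well-known SID.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Select-Object Name, ObjectClass, PrincipalSource

[pscustomobject]$report | Format-List
$admins | Format-Table -AutoSize
```

A host that reports logging flags as True but zero 4104 events, or that lists unexpected members in Administrators, is the one to look at first.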