Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
Apr 13, 2023
Cyber Attack / Cyber Threat
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote . While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent attacks have also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world, in what's perceived as a "significant" pivot. "At this point, the actor switched all the decoy documents to job descriptions related to defense contractors and diplomatic services," Kaspersky researcher Seongsu Park said in an analysis published Wednesday. The deviation in targeting, along with the use of updated infection vectors, is said to have occurred in April 2020. It's worth noting that the DeathNote cluster is also tracked under the monikers Operation Dream Job or NukeSped . Google-owned Mandiant has also tied a subset of the activit