APT targets orgs as part of coordinated espionage campaign
We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, the Symantec Threat Hunter Team released a blog post reporting that it had observed an advanced persistent threat group (APT) known as Lazarus, orchestrating an espionage campaign to target organizations within the chemical sector.
The group behind the attack, Lazarus, appears to be continuing a malicious campaign referred to as Operation Dream Job, a malicious campaign first discovered in August 2020, where attackers email attractive fake job offers to employees to trick them into opening malware attachments or clicking on links through to malware-hosting websites.
While this attack mainly targeted organizations in the chemical sector it also targeted a number of companies in the IT sector as well as individuals across the defense, government, and engineering sectors.
Why enterprises need a strategy to mitigate espionage-style attacks
Many organizations have long feared the advancement of state-sponsored attacks, with 80% of organizations reporting being concerned about their organization falling victim to a nation-state cyberattack.
Now with Lazarus using these espionage tactics to steal intellectual property, more attackers are going to start to imitate these techniques to gain access to protected information and regulated data across all sectors.
“The first thing to say is that espionage operations of this kind can and do target private organizations. We’ve seen Operation Dream Job hit a wide range of sectors at this stage, To protect themselves, organizations should adopt a defense in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of the potential attack chain,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter Team.
Tools of the trade: spear phishing
This latest attack has highlighted that spear phishing is one of the most powerful tools that threat actors have at their disposal, as an attacker only needs to trick an employee into clicking on a single malicious link or attachment to gain a foothold in the environment.
A single click on a link or attachment can infect their computer with malware and provide an access point to the network where the attacker can start working to establish lateral movement throughout the network to locate critical data assets that they can steal.
“It had all the hallmarks of a classic cyber espionage operation, from the attractive initial lure of a fake job offer, to their ability to obtain credentials, move laterally across the target’s network and ensure that they maintain a persistent presence on the network in order to get the data they’re looking for. It’s obvious that they’re veteran operators, with the knowledge of how to fly under the radar by maximizing their use of operating system features, legitimate tools, or Trojanized versions of legitimate tools,” O’Brien said.
How to stop espionage attempts
Defending against an attack orchestrated by an APT is no easy feat. It only takes one employee to click on a link to cause a full-blown data breach. As a result, organizations need to optimize their security defenses if they want to prepare to mitigate espionage threats.
Measures that O’Brien recommends include implementing solutions for monitoring and detecting threats throughout your IT environment, ensuring the latest version of PowerShell is deployed with logging enabled, and auditing and controlling administrative amount usage.
O’Brien also highlights the importance of organizations raising awareness employee awareness of spear phishing, so they’re equipped to spot manipulation attempts whenever they encounter them.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.
Source: Read Full Article