Lazarus Group uses CookiePlus malware to target nuclear engineers

Intel Name: Lazarus Group uses CookiePlus malware to target nuclear engineers

Date of Scan: December 26, 2024

Impact: Medium

Summary:
The Lazarus Group, a threat actor linked to North Korea, targeted employees of a nuclear-related business using a sophisticated infection chain. The attacks, part of Operation Dream Job (also known as NukeSped), led to the installation of a new modular backdoor called CookiePlus. The group has been running this cyber-espionage campaign since at least 2020, luring targets with fake job offers to distribute malware. In this latest attack, Lazarus used a trojanized VNC tool to conduct a supposed skills evaluation, under the guise of IT job assessments at aerospace and military companies, continuing its focus on nuclear engineers and supply chain attacks.
