North Korea (Lazarus Group): Researchers uncovered a new campaign, believed to be tied to Lazarus Group, that targeted Russian organizations. The campaign used malicious Office documents to infect Russian organizations, specifically those with U.S. interests, with an updated version of the Keymarble backdoor. The researchers who discovered the campaign tied it to Lazarus Group based on the use of Keymarble and “other techniques used in other Lazarus Group attacks.” This is an extremely odd turn of events, considering that Russia has been one of North Korea’s few supporting allies in the region. After China kicked out North Korean businesses and organizations, it also severely restricted North Korea’s access to the internet. Following this change in relations with China, Russia chose to move in and allow North Korea internet access through Russia. Given that relationship, it is highly suspect for North Korea to have targeted Russian entities. If this actually was the work of Lazarus Group, it could significantly impact the status of Russian and North Korean relations.