Stormsec

Amazon-themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.




ADVERSARY: Lazarus



TARGETED COUNTRIES: Belgium, Netherlands


MALWARE FAMILIES: BLINDINGCAN, Trojan:Win32/Nukesped, Trojan:Win64/NukeSped


ATT&CK IDS: T1104 - Multi-Stage Channels, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1055 - Process Injection, T1095 - Non-Application Layer Protocol, T1134 - Access Token Manipulation, T1082 - System Information Discovery, T1014 - Rootkit, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1106 - Native API, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, T1566 - Phishing, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1584 - Compromise Infrastructure, T1587 - Develop Capabilities

