Skip to content

Lazarus rising: North Korean state hackers focused on IT supply chain

Posted by: GuidePoint Security

< 1 min read

Published 11/4/21, 9:00am

The state-sponsored North Korean criminal gang known as Lazarus is redirecting and expanding efforts on supply chain attacks according to industry security researchers. Using a new variant of the BLINDINGCAN backdoor (identified in August 2020 by CISA and the FBI), the threat has capabilities that include removing itself from compromised systems to evade detection, spawning and kill processes, file tampering, and data exfiltration. 

Also tracked as Hidden Cobra, the Lazarus group is a military hacking group sponsored by the North Korean government (officially known as the Democratic People’s Republic of Korea (DPRK)). Attacks involve carefully constructed, multi-stage processes using several layers of command and control (C2) servers. 

Next Steps

To protect against BLINDINGCAN attacks, cybersecurity experts and the FBI advise organizations to follow cybersecurity best practices including:

  • Maintain up-to-date security
  • Update and patch system and software quickly.
  • Use multi-factor authentication
  • Apply least privilege
Categories: Blog Cybersecurity News Threat Advisory

GuidePoint Security

The Brick House – Supply Chain Risks
Recent events have pushed supply-chain attacks to the forefront of cybersecurity conversations around the globe. Tune in to a conversation about the risks third parties pose to your organization and ways to mitigate those dangers. Watch our candid conversation on preparing your environment for the threat of supply chain risks.
Watch Now

Related Articles

View All

  • Governance, Risk & Compliance
The Brick House – Supply Chain Risks
Read More < 1 min read
  • Blog
Examining the EO Mandate on Supply Chain Risk Management
Posted by: Jean-Paul Bergeaux
Read More < 1 min read
  • Governance, Risk & Compliance
Third Party Risk Management
Read More < 1 min read