North Korean hackers target defense industry with custom malware


Aug 17, 2014
A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.

This espionage campaign affected organizations in more than a dozen countries and was carried out by DPRK-backed state hackers tracked as the Lazarus Group.

The attackers used COVID-19-themed spear-phishing emails carrying malicious attachments or links as the initial access vector into the targeted companies' enterprise networks.

After the initial compromise, they installed the group's custom ThreatNeedle backdoor, malware first seen in 2018 in attacks targeting cryptocurrency businesses.

"Once installed, ThreatNeedle is able to obtain full control of the victim’s device, meaning it can do everything from manipulating files to executing received commands," Kaspersky security researchers said earlier today.