North Korea's Lazarus Group Targets Tech Workers with New Kaolin Malware

The notorious North Korean hacking group known as Lazarus has deployed a new malware called Kaolin to remotely control the systems of technical professionals, according to a report by Czech cybersecurity firm Avast. The malware is being spread through fake job offers targeting individuals in the technology industry.

Kaolin, the newly identified malware, is capable of executing standard functions associated with remote access trojans (RATs). These functions allow the attackers to gain unauthorized access to the victim's computer and perform various malicious activities. In addition to its RAT capabilities, Kaolin can also manipulate file timestamps, altering the recorded time when a selected file was last modified or loaded.

Why this matters: The Lazarus Group's targeting of technical professionals through fake job offers signifies a shift in their tactics and a potential expansion of their objectives. This development emphasizes the need for increased vigilance and security measures within the technology industry to protect against such targeted attacks.

Avast's report sheds light on the Lazarus Group's "special interest" in new targets, deviating from their previous focus on infiltrating defense firms. The group's use of fake job offers as a lure to deliver the Kaolin malware demonstrates their adaptability and willingness to exploit new avenues to compromise high-value targets.

The discovery of Kaolin and its deployment by the Lazarus Group serves as a sobering reminder of the persistent threat posed by North Korean state-sponsored hackers. "We have observed Lazarus Group's special interest in new targets," stated the Avast report, underlining the group's evolving tactics and expanding scope of operations.

As the investigation into the Lazarus Group's activities continues, cybersecurity experts stress the importance of robust security measures and employee awareness training to mitigate the risk of falling victim to such targeted attacks. Organizations in the technology sector are advised to remain vigilant and promptly report any suspicious job offers or communications to the appropriate authorities.

Key Takeaways

• Lazarus, a North Korean hacking group, deployed new malware called Kaolin to control tech workers' systems.
• Kaolin can execute remote access trojan functions and manipulate file timestamps to compromise victims.
• Lazarus is shifting tactics, targeting tech professionals through fake job offers, expanding their objectives.
• Kaolin's discovery highlights the persistent threat of North Korean state-sponsored hackers and their evolving tactics.
• Robust security measures and employee awareness are crucial to mitigate the risk of such targeted attacks.