Cryptocurrency Businesses Still Being Targeted by Lazarus (Mar 26, 2019)
Researchers at Kaspersky Lab discovered a new phishing campaign conducted by the Advanced Persistent Threat (APT) group "Lazarus Group" that has been targeting South Korean cryptocurrency professionals. The phishing documents, in Korean Hangul Word Processor (HWP) format, purported to be either a "Sample document for business plan evaluation of venture company" or a business overview from the Chinese technology consulting organisation "LAFIZ." Both documents requested that macros be enabled in order to be viewed properly and, if allowed, would install malware on the user's machine. The malware is suited to both Windows and Mac operating systems.
Recommendation: Files that ask for content to be enabled in order to view the document properly are often a sign of a phishing attack. If such a file is sent to you by a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Any such file attachment sent by an unknown sender should be viewed with the utmost scrutiny, avoided, and properly reported to the appropriate personnel.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.