Cisco Talos has uncovered a new cyber hacking campaign it has named “Operation Blacksmith.” Its researchers traced the activity to the North Korean Lazarus Group, regarded as an advanced persistent threat for its malicious cyber activities.
The company said the hackers target the vulnerabilities of manufacturing, agricultural and physical security enterprises around the world using at least three different pieces of Telegram-based malware. It added that, consistent with findings from other cybersecurity research groups, Lazarus is composed of subgroups focused on hacking targets in various areas, including defense, politics, national security, and research and development.
According to Cisco’s researchers, the subgroups operate independently of each other, with each subgroup creating its own campaign and developing and deploying malware tailored to its target.
The typical task of one of the subgroups, Andariel, is establishing initial access, conducting reconnaissance and maintaining long-term access for espionage in support of Pyongyang’s interests. Work that authorities have attributed to Andariel includes the recent ransomware attacks on health care organizations.