Lazarus Group Multichannel TTPs Becoming the Norm

On June 1, 2022, researchers at ESET published information on recent attacks attributed to the North Korean group Lazarus (also known as APT38). In the article, ESET described one of the group’s long running campaigns and the TTPs they are using. Among the tactics, ESET mentioned that Lazarus used fake recruitment scams and messaging applications (specifically LinkedIn, WhatsApp, and Slack). While they didn’t give specific details about how the attacks were carried out, this does highlight the need for enterprises to think outside of the traditional email security box and consider how to defend their entire business communications ecosystem from cross-channel attacks.

In the past year, we have seen multiple threat actor groups and cyber criminals utilize mobile messaging to gain entry or escalate privileges within an enterprise. Additionally, we are seeing a rising trend in credential stealers that are targeting accounts for applications like Telegram. Of course these channels look attractive to APT groups like Lazarus, as they tend to connect to devices outside of the organization's perimeter (like BYOD phones) and they have little to no native protections on them for detecting malware, malicious links, or language indicative of social engineering attacks. On top of that, most defenders have barely any visibility into these channels, so when an attack occurs through one of them, they likely will not be alerted to it.

SafeGuard Cyber’s mission is to help defenders gain the unified visibility needed to detect suspicious/malicious activity, and get alerts on such events. We do so in a manner that consolidates the security for over 30 messaging applications into one unified solution that can provide the same level of visibility and automated analysis across them all.

To see how we do this, please take a look at our demo for detecting a multi-channel fake recruitment scam that we analyzed with our platform, or read the full write up on multi-channel attacks here.

If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.

Product

Security

Compliance

Integrations

Key Integrations

Security and Compliance for WhatsApp

Enhanced Security for Slack

Telegram Security and Compliance

Security

Compliance

By Industry

By Initiative

Resource Center

Information Center

Security

Compliance

Top Blogs

The Importance of Large Language Models (LLMs) in Modern Cybersecurity: Deciphering Context and Intent

Language as a Battlefield: Contextual AI's Countermeasures Against Emerging Cyber Threats

Understanding the Impact of the New SEC Guidelines on Cybersecurity

Illuminate Partner Program

BlueAlly Partners with SafeGuard Cyber to Provide Business Communication Compromise Services

Explore the intersection of security and digital transformation

Company

Vision & Voice

We are growing

Lazarus Group's Multichannel TTPs Becoming the Norm

Product

Security

Compliance

Integrations

Key Integrations

Security and Compliance for WhatsApp

Enhanced Security for Slack

Telegram Security and Compliance

Security

Compliance

By Industry

By Initiative

Resource Center

Information Center

Security

Compliance

Top Blogs

The Importance of Large Language Models (LLMs) in Modern Cybersecurity: Deciphering Context and Intent

Language as a Battlefield: Contextual AI's Countermeasures Against Emerging Cyber Threats

Understanding the Impact of the New SEC Guidelines on Cybersecurity

Illuminate Partner Program

BlueAlly Partners with SafeGuard Cyber to Provide Business Communication Compromise Services

Explore the intersection of security and digital transformation

Company

Vision & Voice

We are growing

Lazarus Group's Multichannel TTPs Becoming the Norm

Related Content

Expert Insights on Cloud App Risks